IBM Security Privileged Identity Manager

20 CVEs affecting IBM Security Privileged Identity Manager. Latest disclosed: 2019-04-02. Critical: 1, High: 5.

Top CVEs affecting IBM Security Privileged Identity Manager
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-5964 | Critical | 9.8 | 2017-02-01 | IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute… |
| CVE-2018-1640 | High | 8.8 | 2019-04-02 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By se… |
| CVE-2017-1407 | High | 8.8 | 2017-09-28 | IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending… |
| CVE-2017-1483 | High | 8.6 | 2017-09-28 | IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users a… |
| CVE-2018-1618 | High | 7.7 | 2019-04-02 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. An attacker could send a… |
| CVE-2016-5958 | High | 7.5 | 2017-02-01 | IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the se… |
| CVE-2016-5988 | Medium | 6.5 | 2017-02-01 | IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authe… |
| CVE-2016-2996 | Medium | 6.5 | 2016-11-24 | IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files v… |
| CVE-2016-5990 | Medium | 6.3 | 2017-02-01 | IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the s… |
| CVE-2018-1680 | Medium | 5.9 | 2019-04-02 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for… |
| CVE-2016-5966 | Medium | 5.9 | 2017-02-01 | IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly ena… |
| CVE-2016-5960 | Medium | 5.5 | 2017-06-07 | IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 1161… |
| CVE-2016-5959 | Medium | 5.3 | 2017-06-07 | IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorize… |
| CVE-2018-1625 | Medium | 4.3 | 2019-04-02 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, o… |
| CVE-2018-1622 | Medium | 4.3 | 2019-04-02 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious… |
| CVE-2017-1705 | Medium | 4.3 | 2018-03-30 | IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not visible at first it ca… |
| CVE-2018-1623 | Medium | 4.0 | 2019-04-02 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-F… |
| CVE-2016-0366 | Low | 3.7 | 2018-02-21 | IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 might allow remote attackers to obtain sensitive information by leveraging… |
| CVE-2016-0353 | Low | 3.7 | 2016-11-24 | IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https… |
| CVE-2018-1626 | Low | 3.1 | 2019-04-02 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to sessio… |