IBM Security Privileged Identity Manager
20 CVEs affecting IBM Security Privileged Identity Manager. Latest disclosed: 2019-04-02. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-5964 | Critical | 9.8 | 2017-02-01 | IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute… |
| CVE-2018-1640 | High | 8.8 | 2019-04-02 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By se… |
| CVE-2017-1407 | High | 8.8 | 2017-09-28 | IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending… |
| CVE-2017-1483 | High | 8.6 | 2017-09-28 | IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users a… |
| CVE-2018-1618 | High | 7.7 | 2019-04-02 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. An attacker could send a… |
| CVE-2016-5958 | High | 7.5 | 2017-02-01 | IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the se… |
| CVE-2016-5988 | Medium | 6.5 | 2017-02-01 | IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authe… |
| CVE-2016-2996 | Medium | 6.5 | 2016-11-24 | IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files v… |
| CVE-2016-5990 | Medium | 6.3 | 2017-02-01 | IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the s… |
| CVE-2018-1680 | Medium | 5.9 | 2019-04-02 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for… |
| CVE-2016-5966 | Medium | 5.9 | 2017-02-01 | IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly ena… |
| CVE-2016-5960 | Medium | 5.5 | 2017-06-07 | IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 1161… |
| CVE-2016-5959 | Medium | 5.3 | 2017-06-07 | IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorize… |
| CVE-2018-1625 | Medium | 4.3 | 2019-04-02 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, o… |
| CVE-2018-1622 | Medium | 4.3 | 2019-04-02 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious… |
| CVE-2017-1705 | Medium | 4.3 | 2018-03-30 | IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not visible at first it ca… |
| CVE-2018-1623 | Medium | 4.0 | 2019-04-02 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-F… |
| CVE-2016-0366 | Low | 3.7 | 2018-02-21 | IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 might allow remote attackers to obtain sensitive information by leveraging… |
| CVE-2016-0353 | Low | 3.7 | 2016-11-24 | IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https… |
| CVE-2018-1626 | Low | 3.1 | 2019-04-02 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to sessio… |