Vulnerabilites related to ibm - security_identity_manager
CVE-2019-4675 (GCVE-0-2019-4675)
Vulnerability from cvelistv5
Published
2020-02-04 16:45
Modified
2024-09-16 16:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 7.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:48.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1288714"
},
{
"name": "ibm-sim-cve20194675-info-disc (171511)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171511"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.1"
}
]
}
],
"datePublic": "2020-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/S:C/PR:N/C:H/UI:N/I:N/A:N/AC:H/AV:N/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-04T16:45:37",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1288714"
},
{
"name": "ibm-sim-cve20194675-info-disc (171511)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-02-03T00:00:00",
"ID": "CVE-2019-4675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "7.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "C",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1288714",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1288714 (Security Identity Manager)",
"url": "https://www.ibm.com/support/pages/node/1288714"
},
{
"name": "ibm-sim-cve20194675-info-disc (171511)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4675",
"datePublished": "2020-02-04T16:45:37.764340Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T16:28:34.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4038 (GCVE-0-2019-4038)
Vulnerability from cvelistv5
Published
2019-02-04 21:00
Modified
2024-09-17 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Access
Summary
IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 6.0 Version: 7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-sim-cve20194038-code-injection(156162)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156162"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10869604"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "7.0"
}
]
}
],
"datePublic": "2019-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 6.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AC:L/AV:P/C:H/I:H/PR:H/S:C/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-04T20:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-sim-cve20194038-code-injection(156162)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156162"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10869604"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-02-01T00:00:00",
"ID": "CVE-2019-4038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "7.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "P",
"C": "H",
"I": "H",
"PR": "H",
"S": "C",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sim-cve20194038-code-injection(156162)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156162"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10869604",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10869604"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4038",
"datePublished": "2019-02-04T21:00:00Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T03:28:30.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0336 (GCVE-0-2016-0336)
Vulnerability from cvelistv5
Published
2018-01-12 17:00
Modified
2024-08-05 22:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111737.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:23.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981438"
},
{
"name": "ibm-sim-cve20160336-xss(111737)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111737"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111737."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-12T16:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981438"
},
{
"name": "ibm-sim-cve20160336-xss(111737)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111737"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111737."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21981438",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981438"
},
{
"name": "ibm-sim-cve20160336-xss(111737)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111737"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0336",
"datePublished": "2018-01-12T17:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:23.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1967 (GCVE-0-2018-1967)
Vulnerability from cvelistv5
Published
2019-01-14 14:00
Modified
2024-09-17 03:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Scripting
Summary
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153748.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 6.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10794615"
},
{
"name": "ibm-sim-cve20181967-xss(153748)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153748"
},
{
"name": "106554",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106554"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"datePublic": "2019-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153748."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:N/S:C/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-16T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10794615"
},
{
"name": "ibm-sim-cve20181967-xss(153748)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153748"
},
{
"name": "106554",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106554"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-01-10T00:00:00",
"ID": "CVE-2018-1967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "6.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153748."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10794615",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10794615"
},
{
"name": "ibm-sim-cve20181967-xss(153748)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153748"
},
{
"name": "106554",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106554"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1967",
"datePublished": "2019-01-14T14:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T03:07:17.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6112 (GCVE-0-2014-6112)
Vulnerability from cvelistv5
Published
2018-04-20 20:00
Modified
2024-08-06 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-sim-cve20146112-weak-security(96184)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96184"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-20T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-sim-cve20146112-weak-security(96184)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96184"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sim-cve20146112-weak-security(96184)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96184"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6112",
"datePublished": "2018-04-20T20:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29691 (GCVE-0-2021-29691)
Vulnerability from cvelistv5
Published
2021-05-20 15:10
Modified
2024-09-16 23:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 200252.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 7.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:01.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"name": "ibm-sim-cve202129691-info-disc (200252)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200252"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 200252."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:H/S:U/I:N/AC:H/A:N/AV:N/PR:N/UI:N/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T15:10:32",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"name": "ibm-sim-cve202129691-info-disc (200252)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200252"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-05-19T00:00:00",
"ID": "CVE-2021-29691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 200252."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6454587",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6454587 (Security Identity Manager)",
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"name": "ibm-sim-cve202129691-info-disc (200252)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200252"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29691",
"datePublished": "2021-05-20T15:10:32.826141Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-16T23:36:16.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6098 (GCVE-0-2014-6098)
Vulnerability from cvelistv5
Published
2014-11-18 01:00
Modified
2024-08-06 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IV66624",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name": "IV66642",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name": "IV66635",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name": "IV66496",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name": "ibm-sim-cve20146098-info-disc(95961)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95961"
},
{
"name": "62363",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62363"
},
{
"name": "IV66637",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name": "IV66645",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "IV66624",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name": "IV66642",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name": "IV66635",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name": "IV66496",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name": "ibm-sim-cve20146098-info-disc(95961)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95961"
},
{
"name": "62363",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62363"
},
{
"name": "IV66637",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name": "IV66645",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV66624",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name": "IV66642",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name": "IV66635",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name": "IV66496",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name": "ibm-sim-cve20146098-info-disc(95961)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95961"
},
{
"name": "62363",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62363"
},
{
"name": "IV66637",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name": "IV66645",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6098",
"datePublished": "2014-11-18T01:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29686 (GCVE-0-2021-29686)
Vulnerability from cvelistv5
Published
2021-05-20 15:10
Modified
2024-09-17 00:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Bypass Security
Summary
IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 7.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:01.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"name": "ibm-sim-cve202129686-sec-bypass (200015)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:L/UI:N/C:L/S:U/AV:N/A:N/AC:L/I:L/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass Security",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T15:10:30",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"name": "ibm-sim-cve202129686-sec-bypass (200015)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200015"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-05-19T00:00:00",
"ID": "CVE-2021-29686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6454587",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6454587 (Security Identity Manager)",
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"name": "ibm-sim-cve202129686-sec-bypass (200015)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200015"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29686",
"datePublished": "2021-05-20T15:10:30.753104Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-17T00:35:41.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1962 (GCVE-0-2018-1962)
Vulnerability from cvelistv5
Published
2019-02-04 21:00
Modified
2024-09-16 21:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 7.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106854",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106854"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10796380"
},
{
"name": "ibm-sim-cve20181962-info-disc(153658)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153658"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.1"
}
]
}
],
"datePublic": "2019-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.5,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:L/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-06T10:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "106854",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106854"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10796380"
},
{
"name": "ibm-sim-cve20181962-info-disc(153658)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153658"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-01-30T00:00:00",
"ID": "CVE-2018-1962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "7.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106854",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106854"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10796380",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10796380"
},
{
"name": "ibm-sim-cve20181962-info-disc(153658)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153658"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1962",
"datePublished": "2019-02-04T21:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T21:04:35.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6109 (GCVE-0-2014-6109)
Vulnerability from cvelistv5
Published
2018-04-20 20:00
Modified
2024-08-06 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146109-ldap-injection(96173)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-20T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146109-ldap-injection(96173)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146109-ldap-injection(96173)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6109",
"datePublished": "2018-04-20T20:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6110 (GCVE-0-2014-6110)
Vulnerability from cvelistv5
Published
2014-11-18 01:00
Modified
2024-08-06 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IV66624",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name": "IV66642",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name": "IV66635",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name": "IV66496",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name": "ibm-sim-cve20146110-sec-bypass(96179)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96179"
},
{
"name": "IV66637",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name": "IV66645",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "IV66624",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name": "IV66642",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name": "IV66635",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name": "IV66496",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name": "ibm-sim-cve20146110-sec-bypass(96179)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96179"
},
{
"name": "IV66637",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name": "IV66645",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV66624",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name": "IV66642",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name": "IV66635",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name": "IV66496",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name": "ibm-sim-cve20146110-sec-bypass(96179)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96179"
},
{
"name": "IV66637",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name": "IV66645",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6110",
"datePublished": "2014-11-18T01:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1483 (GCVE-0-2017-1483)
Vulnerability from cvelistv5
Published
2017-09-27 17:00
Modified
2024-09-16 22:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Access
Summary
IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 6.0 Version: 7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101013",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101013"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007375"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128621"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "7.0"
}
]
}
],
"datePublic": "2017-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "101013",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101013"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007375"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128621"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-09-25T00:00:00",
"ID": "CVE-2017-1483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "7.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101013",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101013"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22007375",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007375"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128621",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128621"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1483",
"datePublished": "2017-09-27T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T22:35:26.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0335 (GCVE-0-2016-0335)
Vulnerability from cvelistv5
Published
2018-01-12 17:00
Modified
2024-08-05 22:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:23.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981438"
},
{
"name": "ibm-sim-cve20160335-csrf(111736)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111736"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-12T16:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981438"
},
{
"name": "ibm-sim-cve20160335-csrf(111736)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111736"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21981438",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981438"
},
{
"name": "ibm-sim-cve20160335-csrf(111736)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111736"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0335",
"datePublished": "2018-01-12T17:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:23.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9739 (GCVE-0-2016-9739)
Vulnerability from cvelistv5
Published
2017-02-01 22:00
Modified
2024-08-06 02:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Identity Manager |
Version: 6.0 Version: 5.0 Version: 5.1 Version: 6 Version: 7.0 Version: 7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1037765",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037765"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996761"
},
{
"name": "95326",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95326"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Identity Manager",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "5.0"
},
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "6"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7"
}
]
}
],
"datePublic": "2017-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-24T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1037765",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037765"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996761"
},
{
"name": "95326",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95326"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Manager",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "5.0"
},
{
"version_value": "5.1"
},
{
"version_value": "6"
},
{
"version_value": "7.0"
},
{
"version_value": "7"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037765",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037765"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21996761",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996761"
},
{
"name": "95326",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95326"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-9739",
"datePublished": "2017-02-01T22:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29682 (GCVE-0-2021-29682)
Vulnerability from cvelistv5
Published
2021-05-20 15:10
Modified
2024-09-16 20:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199997
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 7.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:06.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"name": "ibm-sim-cve202129682-info-disc (199997)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199997"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199997"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:N/UI:N/S:U/C:L/AV:N/A:N/AC:L/I:N/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T15:10:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"name": "ibm-sim-cve202129682-info-disc (199997)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199997"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-05-19T00:00:00",
"ID": "CVE-2021-29682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199997"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6454587",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6454587 (Security Identity Manager)",
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"name": "ibm-sim-cve202129682-info-disc (199997)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199997"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29682",
"datePublished": "2021-05-20T15:10:29.451609Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-16T20:06:39.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6095 (GCVE-0-2014-6095)
Vulnerability from cvelistv5
Published
2014-11-18 01:00
Modified
2024-08-06 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IV66624",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name": "IV66642",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name": "IV66635",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name": "IV66496",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name": "62363",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62363"
},
{
"name": "ibm-sim-cve20146095-dir-traversal(95943)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95943"
},
{
"name": "IV66637",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name": "IV66645",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "IV66624",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name": "IV66642",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name": "IV66635",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name": "IV66496",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name": "62363",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62363"
},
{
"name": "ibm-sim-cve20146095-dir-traversal(95943)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95943"
},
{
"name": "IV66637",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name": "IV66645",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV66624",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name": "IV66642",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name": "IV66635",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name": "IV66496",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name": "62363",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62363"
},
{
"name": "ibm-sim-cve20146095-dir-traversal(95943)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95943"
},
{
"name": "IV66637",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name": "IV66645",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6095",
"datePublished": "2014-11-18T01:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20488 (GCVE-0-2021-20488)
Vulnerability from cvelistv5
Published
2021-06-16 16:15
Modified
2024-09-17 03:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Access
Summary
IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 6.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6464081"
},
{
"name": "ibm-sim-cve202120488-gain-access (197789)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197789"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
}
]
}
],
"datePublic": "2021-06-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/C:H/PR:L/UI:N/A:H/S:U/AC:H/I:H/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-17T10:57:05",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6464081"
},
{
"name": "ibm-sim-cve202120488-gain-access (197789)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197789"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-06-15T00:00:00",
"ID": "CVE-2021-20488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "N",
"C": "H",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6464081",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6464081 (Security Identity Manager)",
"url": "https://www.ibm.com/support/pages/node/6464081"
},
{
"name": "ibm-sim-cve202120488-gain-access (197789)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197789"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-20488",
"datePublished": "2021-06-16T16:15:19.775153Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-17T03:53:52.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6108 (GCVE-0-2014-6108)
Vulnerability from cvelistv5
Published
2018-04-20 20:00
Modified
2024-08-06 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146108-info-disc(96172)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-20T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146108-info-disc(96172)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96172"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146108-info-disc(96172)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96172"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6108",
"datePublished": "2018-04-20T20:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29864 (GCVE-0-2021-29864)
Vulnerability from cvelistv5
Published
2022-08-30 18:40
Modified
2024-09-17 02:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Access
Summary
IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 6.0.0 Version: 6.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:03.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6616101"
},
{
"name": "ibm-sim-cve202129864-open-redirect (206089)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206089"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "6.0.2"
}
]
}
],
"datePublic": "2022-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/C:N/UI:R/A:N/AV:N/S:C/I:H/PR:L/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-30T18:40:09",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6616101"
},
{
"name": "ibm-sim-cve202129864-open-redirect (206089)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206089"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-08-29T00:00:00",
"ID": "CVE-2021-29864",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "6.0.0"
},
{
"version_value": "6.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "H",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6616101",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6616101 (Security Identity Manager)",
"url": "https://www.ibm.com/support/pages/node/6616101"
},
{
"name": "ibm-sim-cve202129864-open-redirect (206089)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206089"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29864",
"datePublished": "2022-08-30T18:40:09.653884Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-17T02:15:34.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1405 (GCVE-0-2017-1405)
Vulnerability from cvelistv5
Published
2018-06-08 13:00
Modified
2024-09-16 20:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Access
Summary
IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013617"
},
{
"name": "ibm-sim-cve20171405-code-exec(127392)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127392"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
}
],
"datePublic": "2018-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.9,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:N/I:H/PR:H/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-08T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013617"
},
{
"name": "ibm-sim-cve20171405-code-exec(127392)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127392"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-06-06T00:00:00",
"ID": "CVE-2017-1405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "7.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "N",
"I": "H",
"PR": "H",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22013617",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013617"
},
{
"name": "ibm-sim-cve20171405-code-exec(127392)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127392"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1405",
"datePublished": "2018-06-08T13:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T20:12:27.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6106 (GCVE-0-2014-6106)
Vulnerability from cvelistv5
Published
2017-09-18 15:00
Modified
2024-08-06 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "73167",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73167"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146106-csrf(96145)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96145"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T14:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "73167",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73167"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146106-csrf(96145)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96145"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "73167",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73167"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=swg21698020",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146106-csrf(96145)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96145"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6106",
"datePublished": "2017-09-18T15:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0961 (GCVE-0-2014-0961)
Vulnerability from cvelistv5
Published
2014-06-08 18:00
Modified
2024-08-06 09:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:40.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-sim-cve20140961-csrf(92747)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92747"
},
{
"name": "59080",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59080"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674754"
},
{
"name": "67909",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-sim-cve20140961-csrf(92747)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92747"
},
{
"name": "59080",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59080"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674754"
},
{
"name": "67909",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67909"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sim-cve20140961-csrf(92747)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92747"
},
{
"name": "59080",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59080"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21674754",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674754"
},
{
"name": "67909",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67909"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0961",
"datePublished": "2014-06-08T18:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:34:40.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1453 (GCVE-0-2018-1453)
Vulnerability from cvelistv5
Published
2018-06-08 13:00
Modified
2024-09-16 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Access
Summary
IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013617"
},
{
"name": "1041383",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041383"
},
{
"name": "ibm-sim-cve20181453-file-upload(140055)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140055"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
}
],
"datePublic": "2018-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AC:L/AV:N/C:H/I:H/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-27T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013617"
},
{
"name": "1041383",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041383"
},
{
"name": "ibm-sim-cve20181453-file-upload(140055)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140055"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-06-06T00:00:00",
"ID": "CVE-2018-1453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "7.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "H",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22013617",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013617"
},
{
"name": "1041383",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041383"
},
{
"name": "ibm-sim-cve20181453-file-upload(140055)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140055"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1453",
"datePublished": "2018-06-08T13:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T16:48:32.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20483 (GCVE-0-2021-20483)
Vulnerability from cvelistv5
Published
2021-06-16 16:15
Modified
2024-09-16 23:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Access
Summary
IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 6.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6464081"
},
{
"name": "ibm-sim-cve202120483-ssrf (197591)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197591"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
}
]
}
],
"datePublic": "2021-06-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/S:U/A:N/I:L/C:N/AV:N/PR:N/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T16:15:18",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6464081"
},
{
"name": "ibm-sim-cve202120483-ssrf (197591)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197591"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-06-15T00:00:00",
"ID": "CVE-2021-20483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "L",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6464081",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6464081 (Security Identity Manager)",
"url": "https://www.ibm.com/support/pages/node/6464081"
},
{
"name": "ibm-sim-cve202120483-ssrf (197591)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197591"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-20483",
"datePublished": "2021-06-16T16:15:18.128243Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-16T23:21:08.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29688 (GCVE-0-2021-29688)
Vulnerability from cvelistv5
Published
2021-05-20 15:10
Modified
2024-09-17 00:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 6.0.2 Version: 7.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:02.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6454605"
},
{
"name": "ibm-sim-cve202129688-info-disc (200102)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200102"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:N/UI:N/S:U/C:L/A:N/AV:N/I:N/AC:L/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T15:10:32",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6454605"
},
{
"name": "ibm-sim-cve202129688-info-disc (200102)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200102"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-05-19T00:00:00",
"ID": "CVE-2021-29688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6454587",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6454587 (Security Identity Manager)",
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"name": "https://www.ibm.com/support/pages/node/6454605",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6454605 (Security Identity Manager)",
"url": "https://www.ibm.com/support/pages/node/6454605"
},
{
"name": "ibm-sim-cve202129688-info-disc (200102)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200102"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29688",
"datePublished": "2021-05-20T15:10:32.109678Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-17T00:51:05.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4451 (GCVE-0-2019-4451)
Vulnerability from cvelistv5
Published
2020-02-04 16:45
Modified
2024-09-16 17:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Scripting
Summary
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163493.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 6.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:37.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1288720"
},
{
"name": "ibm-sim-cve20194451-xss (163493)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163493"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"datePublic": "2020-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163493."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/I:L/A:N/AC:L/AV:N/S:C/PR:L/UI:R/C:L/RL:O/RC:C/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-04T16:45:34",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1288720"
},
{
"name": "ibm-sim-cve20194451-xss (163493)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163493"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-02-03T00:00:00",
"ID": "CVE-2019-4451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "6.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163493."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1288720",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1288720 (Security Identity Manager)",
"url": "https://www.ibm.com/support/pages/node/1288720"
},
{
"name": "ibm-sim-cve20194451-xss (163493)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163493"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4451",
"datePublished": "2020-02-04T16:45:34.147203Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T17:49:00.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6107 (GCVE-0-2014-6107)
Vulnerability from cvelistv5
Published
2014-11-18 01:00
Modified
2024-08-06 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IV66624",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name": "IV66642",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name": "ibm-sim-cve20146107-info-disc(96150)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96150"
},
{
"name": "IV66635",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name": "IV66496",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name": "62363",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62363"
},
{
"name": "IV66637",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name": "IV66645",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "IV66624",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name": "IV66642",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name": "ibm-sim-cve20146107-info-disc(96150)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96150"
},
{
"name": "IV66635",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name": "IV66496",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name": "62363",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62363"
},
{
"name": "IV66637",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name": "IV66645",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV66624",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name": "IV66642",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name": "ibm-sim-cve20146107-info-disc(96150)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96150"
},
{
"name": "IV66635",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name": "IV66496",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name": "62363",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62363"
},
{
"name": "IV66637",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name": "IV66645",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6107",
"datePublished": "2014-11-18T01:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29687 (GCVE-0-2021-29687)
Vulnerability from cvelistv5
Published
2021-05-20 15:10
Modified
2024-09-16 20:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 200018
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 6.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:01.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6454605"
},
{
"name": "ibm-sim-cve202129687-info-disc (200018)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 200018"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.2,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AV:N/I:N/AC:H/C:L/S:U/UI:N/PR:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T15:10:31",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6454605"
},
{
"name": "ibm-sim-cve202129687-info-disc (200018)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-05-19T00:00:00",
"ID": "CVE-2021-29687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 200018"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6454605",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6454605 (Security Identity Manager)",
"url": "https://www.ibm.com/support/pages/node/6454605"
},
{
"name": "ibm-sim-cve202129687-info-disc (200018)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29687",
"datePublished": "2021-05-20T15:10:31.400033Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-16T20:07:18.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6096 (GCVE-0-2014-6096)
Vulnerability from cvelistv5
Published
2014-11-18 01:00
Modified
2024-08-06 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IV66624",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name": "IV66642",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name": "ibm-sim-cve20146096-xss(95944)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95944"
},
{
"name": "IV66635",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name": "IV66496",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name": "62363",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62363"
},
{
"name": "IV66637",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name": "IV66645",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "IV66624",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name": "IV66642",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name": "ibm-sim-cve20146096-xss(95944)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95944"
},
{
"name": "IV66635",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name": "IV66496",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name": "62363",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62363"
},
{
"name": "IV66637",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name": "IV66645",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV66624",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name": "IV66642",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name": "ibm-sim-cve20146096-xss(95944)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95944"
},
{
"name": "IV66635",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name": "IV66496",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name": "62363",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62363"
},
{
"name": "IV66637",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name": "IV66645",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6096",
"datePublished": "2014-11-18T01:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6105 (GCVE-0-2014-6105)
Vulnerability from cvelistv5
Published
2014-11-18 01:00
Modified
2024-08-06 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IV66624",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name": "IV66642",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name": "ibm-sim-cve20146105-clickjacking(96144)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96144"
},
{
"name": "IV66635",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name": "IV66496",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name": "62363",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62363"
},
{
"name": "IV66637",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name": "IV66645",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "IV66624",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name": "IV66642",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name": "ibm-sim-cve20146105-clickjacking(96144)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96144"
},
{
"name": "IV66635",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name": "IV66496",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name": "62363",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62363"
},
{
"name": "IV66637",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name": "IV66645",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV66624",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name": "IV66642",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name": "ibm-sim-cve20146105-clickjacking(96144)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96144"
},
{
"name": "IV66635",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name": "IV66496",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name": "62363",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62363"
},
{
"name": "IV66637",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name": "IV66645",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6105",
"datePublished": "2014-11-18T01:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4970 (GCVE-0-2020-4970)
Vulnerability from cvelistv5
Published
2022-05-19 16:05
Modified
2024-09-17 03:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 192429.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Governance and Intelligence |
Version: 5.2.4 Version: 5.2.5 Version: 5.2.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6587435"
},
{
"name": "ibm-sig-cve20204970-info-disc (192429)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Governance and Intelligence",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "5.2.4"
},
{
"status": "affected",
"version": "5.2.5"
},
{
"status": "affected",
"version": "5.2.6"
}
]
}
],
"datePublic": "2022-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 192429."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/S:U/I:N/UI:R/AV:N/PR:N/C:H/A:N/AC:H/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-19T16:05:11",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6587435"
},
{
"name": "ibm-sig-cve20204970-info-disc (192429)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-05-18T00:00:00",
"ID": "CVE-2020-4970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Governance and Intelligence",
"version": {
"version_data": [
{
"version_value": "5.2.4"
},
{
"version_value": "5.2.5"
},
{
"version_value": "5.2.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 192429."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6587435",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6587435 (Security Identity Governance and Intelligence)",
"url": "https://www.ibm.com/support/pages/node/6587435"
},
{
"name": "ibm-sig-cve20204970-info-disc (192429)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4970",
"datePublished": "2022-05-19T16:05:11.447573Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T03:38:47.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1362 (GCVE-0-2017-1362)
Vulnerability from cvelistv5
Published
2017-09-25 16:00
Modified
2024-09-16 19:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 6.0 Version: 7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100965",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100965"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126801"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007381"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "7.0"
}
]
}
],
"datePublic": "2017-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-26T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "100965",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100965"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126801"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007381"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-09-21T00:00:00",
"ID": "CVE-2017-1362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "7.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100965"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126801",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126801"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22007381",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007381"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1362",
"datePublished": "2017-09-25T16:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T19:25:29.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6111 (GCVE-0-2014-6111)
Vulnerability from cvelistv5
Published
2018-04-20 20:00
Modified
2024-08-06 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146111-info-disc(96180)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96180"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-20T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146111-info-disc(96180)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96180"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146111-info-disc(96180)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96180"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6111",
"datePublished": "2018-04-20T20:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1959 (GCVE-0-2018-1959)
Vulnerability from cvelistv5
Published
2019-01-24 17:00
Modified
2024-09-16 20:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 7.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106726",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106726"
},
{
"name": "ibm-sim-cve20181959-info-disc(153633)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153633"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10796380"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.1"
}
]
}
],
"datePublic": "2019-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/AV:L/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-28T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "106726",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106726"
},
{
"name": "ibm-sim-cve20181959-info-disc(153633)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153633"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10796380"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-01-22T00:00:00",
"ID": "CVE-2018-1959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "7.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "L",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106726"
},
{
"name": "ibm-sim-cve20181959-info-disc(153633)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153633"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10796380",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10796380"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1959",
"datePublished": "2019-01-24T17:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T20:17:16.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6168 (GCVE-0-2014-6168)
Vulnerability from cvelistv5
Published
2014-12-29 02:00
Modified
2024-08-06 12:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:12.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692907"
},
{
"name": "ibm-sim-cve20146168-csrf(97752)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692907"
},
{
"name": "ibm-sim-cve20146168-csrf(97752)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97752"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21692907",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692907"
},
{
"name": "ibm-sim-cve20146168-csrf(97752)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97752"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6168",
"datePublished": "2014-12-29T02:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:12.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29683 (GCVE-0-2021-29683)
Vulnerability from cvelistv5
Published
2021-05-20 15:10
Modified
2024-09-17 00:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 7.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:01.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"name": "ibm-sim-cve202129683-info-disc (199998)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199998"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/PR:L/AV:N/A:N/AC:H/I:N/C:H/S:U/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T15:10:30",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"name": "ibm-sim-cve202129683-info-disc (199998)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199998"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-05-19T00:00:00",
"ID": "CVE-2021-29683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6454587",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6454587 (Security Identity Manager)",
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"name": "ibm-sim-cve202129683-info-disc (199998)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199998"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29683",
"datePublished": "2021-05-20T15:10:30.105925Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-17T00:02:12.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29692 (GCVE-0-2021-29692)
Vulnerability from cvelistv5
Published
2021-05-20 15:10
Modified
2024-09-16 18:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 200253.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 7.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:01.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"name": "ibm-sim-cve202129692-info-disc (200253)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200253"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2021-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 200253."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 2.7,
"temporalSeverity": "LOW",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/C:L/S:U/I:N/AC:H/A:N/AV:N/PR:N/UI:R/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T15:10:33",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"name": "ibm-sim-cve202129692-info-disc (200253)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200253"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-05-19T00:00:00",
"ID": "CVE-2021-29692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 200253."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6454587",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6454587 (Security Identity Manager)",
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"name": "ibm-sim-cve202129692-info-disc (200253)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200253"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29692",
"datePublished": "2021-05-20T15:10:33.497712Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-16T18:54:06.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4561 (GCVE-0-2019-4561)
Vulnerability from cvelistv5
Published
2019-11-20 16:16
Modified
2024-09-16 19:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Access
Summary
IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 166456.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 6.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:47.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1108695"
},
{
"name": "ibm-sim-cve20194561-command-exec (166456)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166456"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"datePublic": "2019-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 166456."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/UI:R/I:H/AV:N/A:H/S:U/PR:L/C:H/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T16:16:11",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1108695"
},
{
"name": "ibm-sim-cve20194561-command-exec (166456)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166456"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-11-19T00:00:00",
"ID": "CVE-2019-4561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "6.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 166456."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "H",
"I": "H",
"PR": "L",
"S": "U",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1108695",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1108695 (Security Identity Manager)",
"url": "https://www.ibm.com/support/pages/node/1108695"
},
{
"name": "ibm-sim-cve20194561-command-exec (166456)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166456"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4561",
"datePublished": "2019-11-20T16:16:11.703644Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:46:20.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2019 (GCVE-0-2018-2019)
Vulnerability from cvelistv5
Published
2019-01-18 17:00
Modified
2024-09-17 03:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 155265.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 6.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10794615"
},
{
"name": "ibm-sim-cve20182019-xxe(155265)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155265"
},
{
"name": "106657",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"datePublic": "2019-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 155265."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-21T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10794615"
},
{
"name": "ibm-sim-cve20182019-xxe(155265)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155265"
},
{
"name": "106657",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106657"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-01-15T00:00:00",
"ID": "CVE-2018-2019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "6.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 155265."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10794615",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10794615"
},
{
"name": "ibm-sim-cve20182019-xxe(155265)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155265"
},
{
"name": "106657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106657"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-2019",
"datePublished": "2019-01-18T17:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T03:12:35.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4674 (GCVE-0-2019-4674)
Vulnerability from cvelistv5
Published
2020-02-04 16:45
Modified
2024-09-17 01:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 171510.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 7.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:49.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1288714"
},
{
"name": "ibm-sim-cve20194674-info-disc (171510)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171510"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.1"
}
]
}
],
"datePublic": "2020-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 171510."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/S:C/PR:H/C:H/UI:N/I:N/A:N/AV:N/AC:L/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-04T16:45:37",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1288714"
},
{
"name": "ibm-sim-cve20194674-info-disc (171510)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171510"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-02-03T00:00:00",
"ID": "CVE-2019-4674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "7.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 171510."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "H",
"S": "C",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1288714",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1288714 (Security Identity Manager)",
"url": "https://www.ibm.com/support/pages/node/1288714"
},
{
"name": "ibm-sim-cve20194674-info-disc (171510)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171510"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4674",
"datePublished": "2020-02-04T16:45:37.277900Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T01:16:01.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1956 (GCVE-0-2018-1956)
Vulnerability from cvelistv5
Published
2019-01-14 14:00
Modified
2024-09-16 22:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 153628.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 6.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10794615"
},
{
"name": "ibm-sim-cve20181956-info-disc(153628)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153628"
},
{
"name": "106554",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106554"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"datePublic": "2019-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 153628."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-16T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10794615"
},
{
"name": "ibm-sim-cve20181956-info-disc(153628)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153628"
},
{
"name": "106554",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106554"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-01-10T00:00:00",
"ID": "CVE-2018-1956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "6.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 153628."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10794615",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10794615"
},
{
"name": "ibm-sim-cve20181956-info-disc(153628)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153628"
},
{
"name": "106554",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106554"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1956",
"datePublished": "2019-01-14T14:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T22:30:16.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1407 (GCVE-0-2017-1407)
Vulnerability from cvelistv5
Published
2017-09-27 17:00
Modified
2024-09-17 03:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Privileges
Summary
IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 6.0 Version: 7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:30.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007377"
},
{
"name": "101015",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101015"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127394"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "7.0"
}
]
}
],
"datePublic": "2017-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007377"
},
{
"name": "101015",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101015"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127394"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-09-25T00:00:00",
"ID": "CVE-2017-1407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "7.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22007377",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007377"
},
{
"name": "101015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101015"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127394",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127394"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1407",
"datePublished": "2017-09-27T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T03:13:34.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1969 (GCVE-0-2018-1969)
Vulnerability from cvelistv5
Published
2019-01-14 14:00
Modified
2024-09-17 02:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Access
Summary
IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 6.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10794615"
},
{
"name": "ibm-sim-cve20181969-file-upload(153750)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153750"
},
{
"name": "106554",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106554"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"datePublic": "2019-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product\u0027s environment. IBM X-Force ID: 153750."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:H/AC:L/AV:N/C:H/I:H/PR:L/S:C/UI:R/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-16T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10794615"
},
{
"name": "ibm-sim-cve20181969-file-upload(153750)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153750"
},
{
"name": "106554",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106554"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-01-10T00:00:00",
"ID": "CVE-2018-1969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "6.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product\u0027s environment. IBM X-Force ID: 153750."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "H",
"I": "H",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10794615",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10794615"
},
{
"name": "ibm-sim-cve20181969-file-upload(153750)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153750"
},
{
"name": "106554",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106554"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1969",
"datePublished": "2019-01-14T14:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T02:36:54.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-02-01 22:59
Modified
2025-04-20 01:37
Severity ?
Summary
IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21996761 | Patch, VDB Entry | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/95326 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1037765 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21996761 | Patch, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95326 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037765 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 7.0.0.0 | |
| ibm | security_identity_manager | 7.0.0.1 | |
| ibm | security_identity_manager | 7.0.0.2 | |
| ibm | security_identity_manager | 7.0.0.3 | |
| ibm | security_identity_manager | 7.0.1.0 | |
| ibm | security_identity_manager | 7.0.1.1 | |
| ibm | security_identity_manager | 7.0.1.2 | |
| ibm | security_identity_manager | 7.0.1.3 | |
| ibm | security_identity_manager | 7.0.1.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0187EA9-098C-4650-A385-4CACC1356F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77281156-D7B4-4A83-B662-9903DFA7605A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5009680B-056D-4C0D-8892-B432179C3EBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "29A4723E-A314-43F7-8739-2E1F7AF25BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A70ECF4B-6DBA-43C1-868B-0748B6F57E3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A1F8C579-41C6-4AB5-852D-B216805AA5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3AFC036-3A80-4A5C-B8F3-9AB63AA8A3BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D9FDEA-6E19-448F-AF36-2602C8368D1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "533AC1D5-3D05-4038-9186-754105F512C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user."
},
{
"lang": "es",
"value": "El Dispositivo virtual de IBM Security Identity Manager almacena las credenciales de usuario en un texto plano que puede ser le\u00eddo por un usuario local."
}
],
"id": "CVE-2016-9739",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T22:59:01.260",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"VDB Entry"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996761"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95326"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"VDB Entry"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037765"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-30 19:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/206089 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6616101 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/206089 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6616101 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0.0 | |
| ibm | security_identity_manager | 6.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E33900F8-C0A0-4912-BCDF-0DE117AAF745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E8647241-FA30-4B5A-9318-40402848E7BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089"
},
{
"lang": "es",
"value": "IBM Security Identity Manager versiones 6.0 y 6.0.2, podr\u00eda permitir a un atacante remoto conducir ataques de suplantaci\u00f3n de identidad, usando un ataque de redireccionamiento abierto. Al persuadir a una v\u00edctima para que visite un sitio web especialmente dise\u00f1ado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para falsificar la URL mostrada y redirigir al usuario a un sitio web malicioso que parecer\u00eda ser confiable. Esto podr\u00eda permitir al atacante obtener informaci\u00f3n altamente sensible o realizar otros ataques contra la v\u00edctima. ID de IBM X-Force: 206089"
}
],
"id": "CVE-2021-29864",
"lastModified": "2024-11-21T06:01:56.390",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-30T19:15:08.670",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206089"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6616101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6616101"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-20 15:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/199998 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6454587 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/199998 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6454587 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 7.0.2 | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - | |
| oracle | solaris | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55FD51C9-A42C-4B88-8F54-0C754CB24497",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
"matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998."
},
{
"lang": "es",
"value": "IBM Security Identity Manager versi\u00f3n 7.0.2, almacena las credenciales de usuario en texto sin formato que puede ser le\u00eddo por un usuario autenticado.\u0026#xa0;IBM X-Force ID: 199998"
}
],
"id": "CVE-2021-29683",
"lastModified": "2024-11-21T06:01:38.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T15:15:07.787",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199998"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-20 17:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 166456.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/166456 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1108695 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/166456 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1108695 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E33900F8-C0A0-4912-BCDF-0DE117AAF745",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 166456."
},
{
"lang": "es",
"value": "IBM Security Identity Manager versi\u00f3n 6.0.0, podr\u00eda permitir a un atacante remoto ejecutar c\u00f3digo arbitrario sobre el sistema, causado por la deserializaci\u00f3n de datos no seguros. Persuadiendo a una v\u00edctima para que visite un sitio web especialmente dise\u00f1ado, un atacante podr\u00eda explotar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el sistema. ID de IBM X-Force: 166456."
}
],
"id": "CVE-2019-4561",
"lastModified": "2024-11-21T04:43:44.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-20T17:15:11.800",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166456"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1108695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1108695"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-20 15:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/200102 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6454587 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6454605 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/200102 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6454587 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6454605 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0.2 | |
| ibm | security_identity_manager | 7.0.2 | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - | |
| oracle | solaris | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E8647241-FA30-4B5A-9318-40402848E7BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55FD51C9-A42C-4B88-8F54-0C754CB24497",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
"matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102."
},
{
"lang": "es",
"value": "IBM Security Identity Manager versi\u00f3n 7.0.2, podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando es devuelto un mensaje de error t\u00e9cnico detallado en el navegador.\u0026#xa0;Esta informaci\u00f3n podr\u00eda ser usada en nuevos ataques contra el sistema.\u0026#xa0;IBM X-Force ID: 200102"
}
],
"id": "CVE-2021-29688",
"lastModified": "2024-11-21T06:01:38.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T15:15:07.893",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200102"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6454605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6454605"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-18 16:29
Modified
2024-11-21 04:03
Severity ?
7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Summary
IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 155265.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/106657 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/155265 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10794615 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106657 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/155265 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10794615 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0.0 | |
| ibm | security_identity_manager | 6.0.0.0 | |
| ibm | security_identity_manager | 6.0.0.1 | |
| ibm | security_identity_manager | 6.0.0.2 | |
| ibm | security_identity_manager | 6.0.0.3 | |
| ibm | security_identity_manager | 6.0.0.4 | |
| ibm | security_identity_manager | 6.0.0.5 | |
| ibm | security_identity_manager | 6.0.0.6 | |
| ibm | security_identity_manager | 6.0.0.10 | |
| ibm | security_identity_manager | 6.0.0.14 | |
| ibm | security_identity_manager | 6.0.0.18 | |
| ibm | security_identity_manager | 6.0.0.19 | |
| ibm | security_identity_manager | 6.0.0.20 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E33900F8-C0A0-4912-BCDF-0DE117AAF745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB196B-1B0B-4B14-BC5C-1F804BBCCB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E94338D-6115-4208-BB3F-9C36BF183B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49F2EB0F-1E41-4FD1-BD01-526CCEFF1292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "597051D6-F2A8-4986-A523-A1807466C736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "27A06732-F394-4941-825B-579F752A792B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "445D91F5-6510-4623-AB75-F19FBCEFA645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "681C3C89-4E44-4B76-92BC-8C7CCC8D7388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ADAA5A71-9674-4DAE-B866-1E1AF5F27616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE4D0BF-336C-48D5-A173-7B60FEC577A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "2AA43DA4-EF81-436D-8BB6-6793C09F14D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "89EF5851-6C63-4C9E-998D-ABCE1C101090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "7702A2FD-E505-43B9-81F0-D2012C4E6FDF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 155265."
},
{
"lang": "es",
"value": "La versi\u00f3n 6.0.0 de IBM Security Identity Manager es vulnerable a ataques del tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para exponer informaci\u00f3n sensible o consumir recursos de la memoria. IBM X-Force ID: 155265."
}
],
"id": "CVE-2018-2019",
"lastModified": "2024-11-21T04:03:35.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-18T16:29:00.197",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106657"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155265"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10794615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10794615"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-25 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22007381 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/100965 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/126801 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22007381 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100965 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/126801 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0 | |
| ibm | security_identity_manager | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3DD5D1-ADBD-48A0-B359-36E2FF8894A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76E76774-A3B4-4499-8D2E-8EF8BBF11298",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801."
},
{
"lang": "es",
"value": "IBM Security Identity Manager Adapters 6.0 y 7.0 almacena las credenciales de usuario en texto plano, por lo que podr\u00edan ser le\u00eddos por un usuario local. IBM X-Force ID: 126801."
}
],
"id": "CVE-2017-1362",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-25T16:29:00.303",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007381"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100965"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126801"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-19 16:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 192429.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/192429 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6587435 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/192429 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6587435 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 5.2.4 | |
| ibm | security_identity_manager | 5.2.5 | |
| ibm | security_identity_manager | 5.2.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F37FFDAE-5455-4123-97AD-7D13160C0243",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7E8E1FD6-2B82-4627-BE41-DDEAA010DD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "08544FEE-4C5E-4608-A96A-F07641638A62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 192429."
},
{
"lang": "es",
"value": "IBM Security Identity Governance and Intelligence versiones 5.2.4, 5.2.5 y 5.2.6, podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial, causado por el fallo en la habilitaci\u00f3n apropiada de HTTP Strict Transport Security. Un atacante podr\u00eda aprovechar esta vulnerabilidad para obtener informaci\u00f3n confidencial usando t\u00e9cnicas de tipo man in the middle. IBM X-Force ID: 192429"
}
],
"id": "CVE-2020-4970",
"lastModified": "2024-11-21T05:33:29.583",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-19T16:15:07.833",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192429"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6587435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6587435"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-12 17:29
Modified
2024-11-21 02:41
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111737.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21981438 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/111737 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21981438 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/111737 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 7.0.0.0 | |
| ibm | security_identity_manager | 7.0.0.1 | |
| ibm | security_identity_manager | 7.0.0.2 | |
| ibm | security_identity_manager | 7.0.0.3 | |
| ibm | security_identity_manager | 7.0.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0187EA9-098C-4650-A385-4CACC1356F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77281156-D7B4-4A83-B662-9903DFA7605A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5009680B-056D-4C0D-8892-B432179C3EBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "29A4723E-A314-43F7-8739-2E1F7AF25BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A70ECF4B-6DBA-43C1-868B-0748B6F57E3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111737."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 hasta la versi\u00f3n 7.0.1.0 anterior a 7.0.1-ISS-SIM-FP0001 permite que usuarios autenticados remotos inyecten scripts web o HTML arbitrarios mediante vectores sin especificar. IBM X-Force ID: 111737."
}
],
"id": "CVE-2016-0336",
"lastModified": "2024-11-21T02:41:30.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-12T17:29:00.850",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981438"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111737"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-04 17:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 171510.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/171510 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1288714 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/171510 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1288714 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 7.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A7374B2-A5B0-47CC-A1ED-8374E177BD11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 171510."
},
{
"lang": "es",
"value": "IBM Security Identity Manager versi\u00f3n 7.0.1, podr\u00eda permitir a un atacante remoto saltar directorios en el sistema. Un atacante podr\u00eda enviar una petici\u00f3n URL especialmente dise\u00f1ada que contenga secuencias \"dot dot\" (/../) para visualizar archivos arbitrarios en el sistema. ID de IBM X-Force: 171510."
}
],
"id": "CVE-2019-4674",
"lastModified": "2024-11-21T04:43:58.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-04T17:15:12.920",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171510"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1288714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171510"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1288714"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-20 20:29
Modified
2024-11-21 02:13
Severity ?
Summary
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21698020 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/96184 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21698020 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/96184 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0 | |
| ibm | security_identity_manager | 7.0 | |
| ibm | tivoli_identity_manager | 5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3DD5D1-ADBD-48A0-B359-36E2FF8894A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76E76774-A3B4-4499-8D2E-8EF8BBF11298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC745A1-3B66-42A7-B166-7798879E1B51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184."
},
{
"lang": "es",
"value": "IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 facilitan que atacantes remotos obtengan informaci\u00f3n sensible aprovechando el soporte para cifrados SSL d\u00e9biles. IBM X-Force ID: 96184."
}
],
"id": "CVE-2014-6112",
"lastModified": "2024-11-21T02:13:48.063",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-20T20:29:00.520",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96184"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-14 14:29
Modified
2024-11-21 04:00
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 153628.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/106554 | Third Party Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/153628 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10794615 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106554 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/153628 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10794615 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD2AE2D9-35E2-43B3-A259-0CC1439A4ACC",
"versionEndIncluding": "6.0.0.20",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 153628."
},
{
"lang": "es",
"value": "La versi\u00f3n 6.0.0 de IBM Security Identity Manager no requiere que los usuarios tengan contrase\u00f1as fuertes por defecto, lo que facilita que los atacantes comprometan las cuentas de usuario. IBM X-Force ID: 153628."
}
],
"id": "CVE-2018-1956",
"lastModified": "2024-11-21T04:00:39.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-14T14:29:00.253",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/106554"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153628"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10794615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/106554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10794615"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-521"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-08 13:29
Modified
2024-11-21 03:59
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22013617 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1041383 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/140055 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22013617 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041383 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/140055 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 7.0 | |
| ibm | security_identity_manager | 7.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76E76774-A3B4-4499-8D2E-8EF8BBF11298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A7374B2-A5B0-47CC-A1ED-8374E177BD11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055."
},
{
"lang": "es",
"value": "IBM Security Identity Manager Virtual Appliance 7.0 permite que un atacante autenticado suba o transfiera archivos de tipos peligrosos que pueden procesarse autom\u00e1ticamente en el entorno. IBM X-Force ID: 140055."
}
],
"id": "CVE-2018-1453",
"lastModified": "2024-11-21T03:59:50.977",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-08T13:29:00.937",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013617"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041383"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140055"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-04 17:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/171511 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1288714 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/171511 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1288714 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 7.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A7374B2-A5B0-47CC-A1ED-8374E177BD11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511."
},
{
"lang": "es",
"value": "IBM Security Identity Manager versi\u00f3n 7.0.1, contiene credenciales embebidas, tales como una contrase\u00f1a o clave criptogr\u00e1fica, que la utiliza para su propia autenticaci\u00f3n entrante, comunicaci\u00f3n saliente a componentes externos o cifrado de datos internos. ID de IBM X-Force: 171511."
}
],
"id": "CVE-2019-4675",
"lastModified": "2024-11-21T04:43:58.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 4.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-04T17:15:13.000",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171511"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1288714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1288714"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-12 17:29
Modified
2024-11-21 02:41
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21981438 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/111736 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21981438 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/111736 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 7.0.0.0 | |
| ibm | security_identity_manager | 7.0.0.1 | |
| ibm | security_identity_manager | 7.0.0.2 | |
| ibm | security_identity_manager | 7.0.0.3 | |
| ibm | security_identity_manager | 7.0.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0187EA9-098C-4650-A385-4CACC1356F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77281156-D7B4-4A83-B662-9903DFA7605A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5009680B-056D-4C0D-8892-B432179C3EBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "29A4723E-A314-43F7-8739-2E1F7AF25BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A70ECF4B-6DBA-43C1-868B-0748B6F57E3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 hasta la versi\u00f3n 7.0.1.0 anterior a 7.0.1-ISS-SIM-FP0001 permite que atacantes remotos secuestren la autenticaci\u00f3n de usuarios para peticiones que tienen un impacto sin especificar mediante vectores desconocidos. IBM X-Force ID: 111736."
}
],
"id": "CVE-2016-0335",
"lastModified": "2024-11-21T02:41:30.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-12T17:29:00.803",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981438"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111736"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-29 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 5.1.0 | |
| ibm | security_identity_manager | 5.1.0.3 | |
| ibm | security_identity_manager | 5.1.0.4 | |
| ibm | security_identity_manager | 5.1.0.5 | |
| ibm | security_identity_manager | 5.1.0.6 | |
| ibm | security_identity_manager | 5.1.0.7 | |
| ibm | security_identity_manager | 5.1.0.8 | |
| ibm | security_identity_manager | 5.1.0.9 | |
| ibm | security_identity_manager | 5.1.0.10 | |
| ibm | security_identity_manager | 5.1.0.11 | |
| ibm | security_identity_manager | 5.1.0.12 | |
| ibm | security_identity_manager | 5.1.0.13 | |
| ibm | security_identity_manager | 5.1.0.14 | |
| ibm | security_identity_manager | 5.1.0.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA266A-AB57-43CA-B0DD-56D167A7B58B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0401FB23-78F5-4846-87FC-6B82DCE0D6B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5FF53B-4A96-49D9-8A27-9AA29563C9D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "60933A03-C013-4B49-957F-0291B85B0112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3342C496-2E4D-4456-819C-5B87260593ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2A53DE24-6235-4581-A365-203036873D4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CD63BA3E-1F44-4544-9A7E-5D24D90D476C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAD207D-34DF-4F6C-ADED-08257890507A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3467708F-A821-4148-B528-D552564D8326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "409A6900-589C-4378-9475-B6B10D4FF1FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D34B8A89-04F4-431C-9893-49B1191B903D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9918ADB8-2D87-4736-B5B3-6389D4A2EDD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7D09AD-64DA-46F3-B1BF-9D0066BE43E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "49268C21-2AAF-4103-AACC-FE75A234C563",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
},
{
"lang": "es",
"value": "Vulnerabilidad CSRF en IBM Security Identity Manager 5.1 anterior a 5.1.0.15 IF0056 permite a usuarios remotos autenticados secuestrar la autenticaci\u00f3n de usuarios arbitrarios para peticiones que insertan secuencias XSS."
}
],
"id": "CVE-2014-6168",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-12-29T02:59:02.487",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692907"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692907"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97752"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-28 01:29
Modified
2025-04-20 01:37
Severity ?
Summary
IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22007377 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/101015 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/127394 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22007377 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101015 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/127394 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_governance_and_intelligence | 5.2.0 | |
| ibm | security_identity_governance_and_intelligence | 5.2.1 | |
| ibm | security_identity_manager | 6.0.0.0 | |
| ibm | security_identity_manager | 7.0.0.0 | |
| ibm | security_privileged_identity_manager | 2.0.0 | |
| ibm | security_privileged_identity_manager | 2.0.1 | |
| ibm | security_privileged_identity_manager | 2.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8EAAD944-2A0E-4A75-AE51-34DDC4C3ACB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F8B59F0-C465-476F-9775-09D411D9C019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB196B-1B0B-4B14-BC5C-1F804BBCCB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0187EA9-098C-4650-A385-4CACC1356F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_privileged_identity_manager:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B611614-3FF9-401F-A88F-04DBF065FDA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_privileged_identity_manager:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45FB33ED-08C3-467A-921D-F70349661B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_privileged_identity_manager:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D07547A7-E87E-4085-983F-29BD485E3160",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394."
},
{
"lang": "es",
"value": "IBM Security Identity Manager Virtual Appliance en sus versiones 6.0 y 7.0 podr\u00eda permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el sistema. Mediante el env\u00edo de una petici\u00f3n especialmente manipulada, un atacante podr\u00eda explotar esta vulnerabilidad para ejecutar comandos arbitrarios en el sistema. IBM X-Force ID: 127394."
}
],
"id": "CVE-2017-1407",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-28T01:29:01.403",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007377"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101015"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127394"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-04 21:29
Modified
2024-11-21 04:00
Severity ?
4.0 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10796380 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/106854 | Third Party Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/153658 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10796380 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106854 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/153658 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A64A9D38-688E-4787-9744-24C943CD91E5",
"versionEndIncluding": "7.0.1.10",
"versionStartIncluding": "7.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658."
},
{
"lang": "es",
"value": "IBM Security Identity Manager Virtual Appliance 7.0.1 no invalida los tokens de sesi\u00f3n cuando el bot\u00f3n de cierre de sesi\u00f3n est\u00e1 pulsado. La falta de una terminaci\u00f3n correcta de la sesi\u00f3n podr\u00eda permitir que los atacantes con acceso local inicien sesi\u00f3n en una sesi\u00f3n del navegador cerrada. IBM X-Force ID: 153658."
}
],
"id": "CVE-2018-1962",
"lastModified": "2024-11-21T04:00:40.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-04T21:29:00.487",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10796380"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/106854"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10796380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/106854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153658"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-28 01:29
Modified
2025-04-20 01:37
Severity ?
Summary
IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22007375 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/101013 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128621 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22007375 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101013 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128621 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_governance_and_intelligence | 5.2 | |
| ibm | security_identity_governance_and_intelligence | 5.2.1 | |
| ibm | security_identity_manager | 6.0.0.0 | |
| ibm | security_identity_manager | 7.0.0.0 | |
| ibm | security_privileged_identity_manager | 2.0 | |
| ibm | security_privileged_identity_manager | 2.0.1 | |
| ibm | security_privileged_identity_manager | 2.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "21A3FF17-CA69-4AD0-9E2F-08EF894E4707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F8B59F0-C465-476F-9775-09D411D9C019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB196B-1B0B-4B14-BC5C-1F804BBCCB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0187EA9-098C-4650-A385-4CACC1356F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_privileged_identity_manager:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57EC043A-A9F1-4DE1-BFBB-3E48AFEE70EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_privileged_identity_manager:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45FB33ED-08C3-467A-921D-F70349661B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_privileged_identity_manager:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D07547A7-E87E-4085-983F-29BD485E3160",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621."
},
{
"lang": "es",
"value": "IBM Security Identity Manager Adapters 6.0 y 7.0 no realizan chequeos de autenticaci\u00f3n para un recurso o funcionalidad cr\u00edticos, permitiendo que los usuarios an\u00f3nimos accedan a \u00e1reas protegidas. IBM X-Force ID: 128621."
}
],
"id": "CVE-2017-1483",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-28T01:29:02.013",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007375"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101013"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128621"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-18 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0.0.0 | |
| ibm | security_identity_manager | 6.0.0.1 | |
| ibm | security_identity_manager | 6.0.0.2 | |
| ibm | security_identity_manager | 6.0.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB196B-1B0B-4B14-BC5C-1F804BBCCB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E94338D-6115-4208-BB3F-9C36BF183B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49F2EB0F-1E41-4FD1-BD01-526CCEFF1292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "597051D6-F2A8-4986-A523-A1807466C736",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Una vulnerabilidad de XSS en IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF4 permite a atacantes remotos inyectar secuencias de comkandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2014-6096",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-11-18T01:59:01.703",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/62363"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95944"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-18 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0.0.0 | |
| ibm | security_identity_manager | 6.0.0.1 | |
| ibm | security_identity_manager | 6.0.0.2 | |
| ibm | security_identity_manager | 6.0.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB196B-1B0B-4B14-BC5C-1F804BBCCB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E94338D-6115-4208-BB3F-9C36BF183B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49F2EB0F-1E41-4FD1-BD01-526CCEFF1292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "597051D6-F2A8-4986-A523-A1807466C736",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation."
},
{
"lang": "es",
"value": "IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 no realiza debidamente las acciones de cierre de sesi\u00f3n, lo que permite a atacantes remotos acceder a sesiones mediante el aprovechamiento de una estaci\u00f3n de trabajo desatendida."
}
],
"id": "CVE-2014-6110",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-18T01:59:06.217",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96179"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-20 15:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 200253.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/200253 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6454587 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/200253 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6454587 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 7.0.2 | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - | |
| oracle | solaris | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55FD51C9-A42C-4B88-8F54-0C754CB24497",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
"matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 200253."
},
{
"lang": "es",
"value": "IBM Security Identity Manager versi\u00f3n 7.0.2, podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial, causada por el fallo al habilitar apropiadamente HTTP Strict Transport Security.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad para obtener informaci\u00f3n confidencial usando t\u00e9cnicas de tipo man in the middle.\u0026#xa0;IBM X-Force ID: 200253"
}
],
"id": "CVE-2021-29692",
"lastModified": "2024-11-21T06:01:38.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T15:15:07.967",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200253"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-14 14:29
Modified
2024-11-21 04:00
Severity ?
9.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
9.9 (Critical) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
9.9 (Critical) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/106554 | Third Party Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/153750 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10794615 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106554 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/153750 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10794615 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD2AE2D9-35E2-43B3-A259-0CC1439A4ACC",
"versionEndIncluding": "6.0.0.20",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product\u0027s environment. IBM X-Force ID: 153750."
},
{
"lang": "es",
"value": "La versi\u00f3n 6.0.0 de IBM Security Identity Manager permite que un atacante autenticado suba o transfiera archivos de tipos peligrosos que pueden procesarse autom\u00e1ticamente en el entorno del producto. IBM X-Force ID: 153750."
}
],
"id": "CVE-2018-1969",
"lastModified": "2024-11-21T04:00:40.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-14T14:29:00.470",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/106554"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153750"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10794615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/106554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10794615"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-20 15:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199997
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/199997 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6454587 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/199997 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6454587 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 7.0.2 | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - | |
| oracle | solaris | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55FD51C9-A42C-4B88-8F54-0C754CB24497",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
"matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199997"
},
{
"lang": "es",
"value": "IBM Security Identity Manager versi\u00f3n 7.0.2, podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando es devuelto un mensaje de error t\u00e9cnico detallado en el navegador.\u0026#xa0;Esta informaci\u00f3n podr\u00eda ser usada en nuevos ataques contra el sistema.\u0026#xa0;IBM X-Force ID: 199997"
}
],
"id": "CVE-2021-29682",
"lastModified": "2024-11-21T06:01:38.157",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T15:15:07.757",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199997"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-14 14:29
Modified
2024-11-21 04:00
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153748.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/106554 | Third Party Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/153748 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10794615 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106554 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/153748 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10794615 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD2AE2D9-35E2-43B3-A259-0CC1439A4ACC",
"versionEndIncluding": "6.0.0.20",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153748."
},
{
"lang": "es",
"value": "La versi\u00f3n 6.0.0 de IBM Security Identity Manager es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 153748."
}
],
"id": "CVE-2018-1967",
"lastModified": "2024-11-21T04:00:40.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-14T14:29:00.410",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/106554"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153748"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10794615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/106554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10794615"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-20 15:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 200018
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/200018 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6454605 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/200018 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6454605 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0.2 | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - | |
| oracle | solaris | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E8647241-FA30-4B5A-9318-40402848E7BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
"matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 200018"
},
{
"lang": "es",
"value": "IBM Security Identity Manager versi\u00f3n 7.0.2, podr\u00eda permitir a un usuario remoto enumerar nombres de usuario debido a una diferencia de respuestas de intentos de inicio de sesi\u00f3n v\u00e1lidos e inv\u00e1lidos.\u0026#xa0;IBM X-Force ID: 200018"
}
],
"id": "CVE-2021-29687",
"lastModified": "2024-11-21T06:01:38.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T15:15:07.857",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200018"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6454605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6454605"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-20 20:29
Modified
2024-11-21 02:13
Severity ?
Summary
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21698020 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/96172 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21698020 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/96172 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0 | |
| ibm | security_identity_manager | 7.0 | |
| ibm | tivoli_identity_manager | 5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3DD5D1-ADBD-48A0-B359-36E2FF8894A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76E76774-A3B4-4499-8D2E-8EF8BBF11298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC745A1-3B66-42A7-B166-7798879E1B51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172."
},
{
"lang": "es",
"value": "IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 podr\u00edan permitir que atacantes Man-in-the-Middle (MitM) obtengan informaci\u00f3n sensible aprovechando una conexi\u00f3n no cifrada para las interfaces. IBM X-Force ID: 96172."
}
],
"id": "CVE-2014-6108",
"lastModified": "2024-11-21T02:13:47.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-20T20:29:00.347",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96172"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-08 18:55
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0.0 | |
| ibm | security_identity_manager | 6.0.0.1 | |
| ibm | tivoli_identity_manager | 5.0.0 | |
| ibm | tivoli_identity_manager | 5.0.0.6 | |
| ibm | tivoli_identity_manager | 5.0.0.10 | |
| ibm | tivoli_identity_manager | 5.0.0.11 | |
| ibm | tivoli_identity_manager | 5.0.0.12 | |
| ibm | tivoli_identity_manager | 5.0.0.13 | |
| ibm | tivoli_identity_manager | 5.0.0.14 | |
| ibm | tivoli_identity_manager | 5.1.0 | |
| ibm | tivoli_identity_manager | 5.1.0.3 | |
| ibm | tivoli_identity_manager | 5.1.0.4 | |
| ibm | tivoli_identity_manager | 5.1.0.5 | |
| ibm | tivoli_identity_manager | 5.1.0.6 | |
| ibm | tivoli_identity_manager | 5.1.0.7 | |
| ibm | tivoli_identity_manager | 5.1.0.8 | |
| ibm | tivoli_identity_manager | 5.1.0.9 | |
| ibm | tivoli_identity_manager | 5.1.0.10 | |
| ibm | tivoli_identity_manager | 5.1.0.11 | |
| ibm | tivoli_identity_manager | 5.1.0.12 | |
| ibm | tivoli_identity_manager | 5.1.0.13 | |
| ibm | tivoli_identity_manager | 5.1.0.14 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E33900F8-C0A0-4912-BCDF-0DE117AAF745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E94338D-6115-4208-BB3F-9C36BF183B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCF0B8C-6867-4D0A-87A4-82C64AA9C86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "95053FE3-56DD-44A8-A2F7-CEC2CFF9D927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D07428E1-B588-4A69-B634-C4965ADD605A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FA05DF-ABE8-4BE2-BFA5-8E9E174C263C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9513B0C7-2C35-4548-AEBA-12958C997331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.0.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "479E7C83-B386-4E30-B428-4762DC8F6492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.0.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4C17A583-2565-4917-80D6-23CAE784869E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "514CDBA2-128A-4D45-B1FA-3998592D86F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F27262-2B3C-48AC-9010-08EFBE057B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3D399B66-A21B-4568-96E1-6144B9E7FFE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF57795-2ACC-4166-909A-923A8F1BE444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B5FF4231-686D-4B5C-91A8-84E4A556CD00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E7812B8D-28FA-431E-8BBB-CA0508FE91C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6FC602-841C-4FA2-A2D8-594BA434E77B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "312C1D8C-CF39-4C1B-8664-E1D5FA15AEF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DA53BD1F-4E1E-42E7-BEFD-80677408BAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "30228ACD-9E54-4749-862B-9CEBB71F6B48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "106CF004-10C2-4AED-A521-5B156BF46231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C0C827-378A-4AF2-BF24-5DC231AD44E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "CC50BF40-CE04-4BD6-9CEB-ADB825F8686E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en IBM Tivoli Identity Manager (ITIM) 5.0 anterior a 5.0.0.15 y 5.1 anterior a 5.1.0.15 y IBM Security Identity Manager (ISIM) 6.0 anterior a 6.0.0.2 permite a usuarios remotos autenticados secuestrar la autenticaci\u00f3n de usuarios arbitrarios para solicitudes que insertan secuencias de XSS."
}
],
"id": "CVE-2014-0961",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-06-08T18:55:05.093",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/59080"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674754"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/67909"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92747"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-18 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0.0.0 | |
| ibm | security_identity_manager | 6.0.0.1 | |
| ibm | security_identity_manager | 6.0.0.2 | |
| ibm | security_identity_manager | 6.0.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB196B-1B0B-4B14-BC5C-1F804BBCCB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E94338D-6115-4208-BB3F-9C36BF183B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49F2EB0F-1E41-4FD1-BD01-526CCEFF1292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "597051D6-F2A8-4986-A523-A1807466C736",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-6095",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-18T01:59:00.140",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/62363"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95943"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95943"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-20 15:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 200252.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/200252 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6454587 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/200252 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6454587 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 7.0.2 | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - | |
| oracle | solaris | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55FD51C9-A42C-4B88-8F54-0C754CB24497",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
"matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 200252."
},
{
"lang": "es",
"value": "IBM Security Identity Manager versi\u00f3n 7.0.2, contiene credenciales embebidas, como una contrase\u00f1a o clave criptogr\u00e1fica, que usa para su propia autenticaci\u00f3n entrante, comunicaci\u00f3n saliente a componentes externos o cifrado de datos internos.\u0026#xa0;IBM X-Force ID: 200252"
}
],
"id": "CVE-2021-29691",
"lastModified": "2024-11-21T06:01:38.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T15:15:07.930",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200252"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-24 16:29
Modified
2024-11-21 04:00
Severity ?
5.1 (Medium) - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/106726 | Third Party Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/153633 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10796380 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106726 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/153633 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10796380 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A64A9D38-688E-4787-9744-24C943CD91E5",
"versionEndIncluding": "7.0.1.10",
"versionStartIncluding": "7.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633."
},
{
"lang": "es",
"value": "La Virtual Appliance de IBM Security Identity Manager 7.0.1 contiene credenciales embebidas, como una contrase\u00f1a o una clave criptogr\u00e1fica, que emplea para su propia autenticaci\u00f3n entrante, comunicaci\u00f3n saliente hacia componentes externos o para cifrar datos internos. IBM X-Force ID: 153633."
}
],
"id": "CVE-2018-1959",
"lastModified": "2024-11-21T04:00:39.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-24T16:29:00.253",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/106726"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153633"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10796380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/106726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10796380"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-18 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0.0.0 | |
| ibm | security_identity_manager | 6.0.0.1 | |
| ibm | security_identity_manager | 6.0.0.2 | |
| ibm | security_identity_manager | 6.0.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB196B-1B0B-4B14-BC5C-1F804BBCCB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E94338D-6115-4208-BB3F-9C36BF183B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49F2EB0F-1E41-4FD1-BD01-526CCEFF1292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "597051D6-F2A8-4986-A523-A1807466C736",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
},
{
"lang": "es",
"value": "IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 permite a atacantes remotos llevar a cabo ataques de clickjacking a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-6105",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-11-18T01:59:04.030",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/62363"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96144"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-20 20:29
Modified
2024-11-21 02:13
Severity ?
Summary
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21698020 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/96173 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21698020 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/96173 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0 | |
| ibm | security_identity_manager | 7.0 | |
| ibm | tivoli_identity_manager | 5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3DD5D1-ADBD-48A0-B359-36E2FF8894A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76E76774-A3B4-4499-8D2E-8EF8BBF11298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC745A1-3B66-42A7-B166-7798879E1B51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173."
},
{
"lang": "es",
"value": "IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 podr\u00edan permitir que usuarios remotos autenticados omitan las restricciones de acceso planeadas y obtengan informaci\u00f3n sensible mediante vectores relacionados con consultas LDAP del lado del servidor. IBM X-Force ID: 96173."
}
],
"id": "CVE-2014-6109",
"lastModified": "2024-11-21T02:13:47.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-20T20:29:00.410",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96173"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-18 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0.0.0 | |
| ibm | security_identity_manager | 6.0.0.1 | |
| ibm | security_identity_manager | 6.0.0.2 | |
| ibm | security_identity_manager | 6.0.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB196B-1B0B-4B14-BC5C-1F804BBCCB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E94338D-6115-4208-BB3F-9C36BF183B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49F2EB0F-1E41-4FD1-BD01-526CCEFF1292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "597051D6-F2A8-4986-A523-A1807466C736",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session."
},
{
"lang": "es",
"value": "IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 permite a atacantes remotos obtener informaci\u00f3n sensible de cookies capturando el tr\u00e1fico de red durante una sesi\u00f3n HTTP."
}
],
"id": "CVE-2014-6107",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-18T01:59:05.203",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/62363"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96150"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-04 17:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163493.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/163493 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1288720 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/163493 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1288720 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6935E850-AF47-4173-94DE-C4F1E14AB7D4",
"versionEndExcluding": "6.0.0.22",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163493."
},
{
"lang": "es",
"value": "IBM Security Identity Manager versi\u00f3n 6.0.0, presenta una vulnerabilidad de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista que puede conllevar a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 163493."
}
],
"id": "CVE-2019-4451",
"lastModified": "2024-11-21T04:43:37.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-04T17:15:12.217",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163493"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1288720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1288720"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-04 21:29
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/156162 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10869604 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/156162 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10869604 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | * | |
| ibm | security_identity_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "656BD53D-753B-4052-A804-0F98A617ABF3",
"versionEndIncluding": "6.0.0.20",
"versionStartIncluding": "6.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83B0FAAE-3723-4C84-8229-5BFC61FEDDB5",
"versionEndIncluding": "7.0.1.10",
"versionStartIncluding": "7.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162."
},
{
"lang": "es",
"value": "IBM Security Identity Manager 6.0 y 7.0 podr\u00eda permitir que un atacante cree rutas de flujo de control mediante la aplicaci\u00f3n, pudiendo omitir las comprobaciones de seguridad. La explotaci\u00f3n de esta vulnerabilidad puede resultar en una forma limitada de inyecci\u00f3n de c\u00f3digo. IBM X-Force ID: 156162."
}
],
"id": "CVE-2019-4038",
"lastModified": "2024-11-21T04:43:04.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.5,
"impactScore": 6.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-04T21:29:01.737",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156162"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10869604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10869604"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-18 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0.0.0 | |
| ibm | security_identity_manager | 6.0.0.1 | |
| ibm | security_identity_manager | 6.0.0.2 | |
| ibm | security_identity_manager | 6.0.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB196B-1B0B-4B14-BC5C-1F804BBCCB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E94338D-6115-4208-BB3F-9C36BF183B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49F2EB0F-1E41-4FD1-BD01-526CCEFF1292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "597051D6-F2A8-4986-A523-A1807466C736",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request."
},
{
"lang": "es",
"value": "IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 permite a atacantes remotos descubrir credenciales en texto claro a trav\u00e9s de una petici\u00f3n manipulada."
}
],
"id": "CVE-2014-6098",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-18T01:59:02.843",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/62363"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95961"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-16 17:15
Modified
2024-11-21 05:46
Severity ?
Summary
IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/197789 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6464081 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/197789 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6464081 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0.2 | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - | |
| oracle | solaris | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E8647241-FA30-4B5A-9318-40402848E7BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
"matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789."
},
{
"lang": "es",
"value": "IBM Security Identity Manager 6.0.2 podr\u00eda permitir a un usuario malintencionado autentificado cambiar las contrase\u00f1as de otros usuarios en el entorno de Windows AD cuando se despliega y configura el complemento de sincronizaci\u00f3n de contrase\u00f1as de Windows de IBM Security Identity Manager. ID de IBM X-Force: 197789"
}
],
"id": "CVE-2021-20488",
"lastModified": "2024-11-21T05:46:39.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-16T17:15:07.747",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197789"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6464081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6464081"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-18 15:29
Modified
2025-04-20 01:37
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/73167 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/96145 | Vendor Advisory | |
| psirt@us.ibm.com | https://www-01.ibm.com/support/docview.wss?uid=swg21698020 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/73167 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/96145 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www-01.ibm.com/support/docview.wss?uid=swg21698020 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 5.1.0 | |
| ibm | security_identity_manager | 5.1.0.3 | |
| ibm | security_identity_manager | 5.1.0.4 | |
| ibm | security_identity_manager | 5.1.0.5 | |
| ibm | security_identity_manager | 5.1.0.6 | |
| ibm | security_identity_manager | 5.1.0.7 | |
| ibm | security_identity_manager | 5.1.0.8 | |
| ibm | security_identity_manager | 5.1.0.9 | |
| ibm | security_identity_manager | 5.1.0.10 | |
| ibm | security_identity_manager | 5.1.0.11 | |
| ibm | security_identity_manager | 5.1.0.12 | |
| ibm | security_identity_manager | 5.1.0.13 | |
| ibm | security_identity_manager | 5.1.0.14 | |
| ibm | security_identity_manager | 5.1.0.15 | |
| ibm | security_identity_manager | 6.0.0.0 | |
| ibm | security_identity_manager | 6.0.0.1 | |
| ibm | security_identity_manager | 6.0.0.2 | |
| ibm | security_identity_manager | 6.0.0.3 | |
| ibm | security_identity_manager | 6.0.0.4 | |
| ibm | security_identity_manager | 7.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA266A-AB57-43CA-B0DD-56D167A7B58B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0401FB23-78F5-4846-87FC-6B82DCE0D6B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5FF53B-4A96-49D9-8A27-9AA29563C9D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "60933A03-C013-4B49-957F-0291B85B0112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3342C496-2E4D-4456-819C-5B87260593ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2A53DE24-6235-4581-A365-203036873D4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CD63BA3E-1F44-4544-9A7E-5D24D90D476C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAD207D-34DF-4F6C-ADED-08257890507A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3467708F-A821-4148-B528-D552564D8326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "409A6900-589C-4378-9475-B6B10D4FF1FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D34B8A89-04F4-431C-9893-49B1191B903D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9918ADB8-2D87-4736-B5B3-6389D4A2EDD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7D09AD-64DA-46F3-B1BF-9D0066BE43E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:5.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "49268C21-2AAF-4103-AACC-FE75A234C563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4FB196B-1B0B-4B14-BC5C-1F804BBCCB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E94338D-6115-4208-BB3F-9C36BF183B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49F2EB0F-1E41-4FD1-BD01-526CCEFF1292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "597051D6-F2A8-4986-A523-A1807466C736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "27A06732-F394-4941-825B-579F752A792B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0187EA9-098C-4650-A385-4CACC1356F09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en las versiones 5.1, 6.0 y 7.0 de IBM Security Identity Manager que permite que atacantes remotos secuestren la autenticaci\u00f3n de usuarios para peticiones que pueden causar ataques de tipo Cross-Site Scripting (XSS), de envenenamiento de cach\u00e9 web u otros impactos no especificados mediante vectores desconocidos."
}
],
"id": "CVE-2014-6106",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-18T15:29:00.263",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/73167"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96145"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/73167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21698020"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-20 15:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/200015 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6454587 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/200015 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6454587 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 7.0.2 | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - | |
| oracle | solaris | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55FD51C9-A42C-4B88-8F54-0C754CB24497",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
"matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015"
},
{
"lang": "es",
"value": "IBM Security Identity Manager versi\u00f3n 7.0.2, podr\u00eda permitir a un usuario autenticado omitir la seguridad y llevar a cabo acciones a las que no deber\u00eda tener acceso.\u0026#xa0;IBM X-Force ID: 200015"
}
],
"id": "CVE-2021-29686",
"lastModified": "2024-11-21T06:01:38.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T15:15:07.823",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200015"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6454587"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-16 17:15
Modified
2024-11-21 05:46
Severity ?
Summary
IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/197591 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6464081 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/197591 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6464081 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0.2 | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - | |
| oracle | solaris | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E8647241-FA30-4B5A-9318-40402848E7BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
"matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591."
},
{
"lang": "es",
"value": "IBM Security Identity Manager versi\u00f3n 6.0.2, es vulnerable a un ataque de tipo server-side request forgery (SSRF). Al enviar una petici\u00f3n especialmente dise\u00f1ada, un atacante remoto autenticado podr\u00eda explotar esta vulnerabilidad para obtener datos confidenciales. IBM X-Force ID: 197591"
}
],
"id": "CVE-2021-20483",
"lastModified": "2024-11-21T05:46:38.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-16T17:15:07.710",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197591"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6464081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6464081"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-20 20:29
Modified
2024-11-21 02:13
Severity ?
Summary
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21698020 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/96180 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21698020 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/96180 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0 | |
| ibm | security_identity_manager | 7.0 | |
| ibm | tivoli_identity_manager | 5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3DD5D1-ADBD-48A0-B359-36E2FF8894A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76E76774-A3B4-4499-8D2E-8EF8BBF11298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC745A1-3B66-42A7-B166-7798879E1B51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180."
},
{
"lang": "es",
"value": "IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 almacenan credenciales de usuario cifradas y la contrase\u00f1a del keystore en texto claro en los archivos de configuraci\u00f3n, lo que permite que usuarios locales descifren credenciales SIM mediante vectores sin especificar. IBM X-Force ID: 96180."
}
],
"id": "CVE-2014-6111",
"lastModified": "2024-11-21T02:13:47.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-20T20:29:00.457",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96180"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-08 13:29
Modified
2024-11-21 03:21
Severity ?
4.4 (Medium) - CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
4.9 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
4.9 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Summary
IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22013617 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/127392 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22013617 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/127392 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 7.0 | |
| ibm | security_identity_manager | 7.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76E76774-A3B4-4499-8D2E-8EF8BBF11298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A7374B2-A5B0-47CC-A1ED-8374E177BD11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392."
},
{
"lang": "es",
"value": "IBM Security Identity Manager Virtual Appliance 7.0 procesa parches, backups de im\u00e1genes y otras actualizaciones sin verificar lo suficiente el origen e integridad del c\u00f3digo. IBM X-Force ID: 127392."
}
],
"id": "CVE-2017-1405",
"lastModified": "2024-11-21T03:21:50.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-08T13:29:00.687",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013617"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127392"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}