Vulnerabilites related to ibm - tivoli_identity_manager
CVE-2014-6111 (GCVE-0-2014-6111)
Vulnerability from cvelistv5
Published
2018-04-20 20:00
Modified
2024-08-06 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146111-info-disc(96180)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96180"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-20T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146111-info-disc(96180)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96180"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146111-info-disc(96180)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96180"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6111",
"datePublished": "2018-04-20T20:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3262 (GCVE-0-2009-3262)
Vulnerability from cvelistv5
Published
2009-09-18 21:00
Modified
2024-09-17 03:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:22:23.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36511",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36511"
},
{
"name": "IZ54747",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54747"
},
{
"name": "1022837",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022837"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-09-18T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36511",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36511"
},
{
"name": "IZ54747",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54747"
},
{
"name": "1022837",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022837"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36511",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36511"
},
{
"name": "IZ54747",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54747"
},
{
"name": "1022837",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022837"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3262",
"datePublished": "2009-09-18T21:00:00Z",
"dateReserved": "2009-09-18T00:00:00Z",
"dateUpdated": "2024-09-17T03:32:46.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6607 (GCVE-0-2006-6607)
Vulnerability from cvelistv5
Published
2006-12-18 02:00
Modified
2024-08-07 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:33:59.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21570",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21570"
},
{
"name": "23359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23359"
},
{
"name": "1017380",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017380"
},
{
"name": "ADV-2006-4989",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4989"
},
{
"name": "tivoli-truststorepassword-info-disclosure(30865)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30865"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21251069"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21570",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21570"
},
{
"name": "23359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23359"
},
{
"name": "1017380",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017380"
},
{
"name": "ADV-2006-4989",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4989"
},
{
"name": "tivoli-truststorepassword-info-disclosure(30865)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30865"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21251069"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21570",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21570"
},
{
"name": "23359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23359"
},
{
"name": "1017380",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017380"
},
{
"name": "ADV-2006-4989",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4989"
},
{
"name": "tivoli-truststorepassword-info-disclosure(30865)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30865"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21251069",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21251069"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6607",
"datePublished": "2006-12-18T02:00:00",
"dateReserved": "2006-12-17T00:00:00",
"dateUpdated": "2024-08-07T20:33:59.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6108 (GCVE-0-2014-6108)
Vulnerability from cvelistv5
Published
2018-04-20 20:00
Modified
2024-08-06 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146108-info-disc(96172)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-20T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146108-info-disc(96172)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96172"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146108-info-disc(96172)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96172"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6108",
"datePublished": "2018-04-20T20:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6109 (GCVE-0-2014-6109)
Vulnerability from cvelistv5
Published
2018-04-20 20:00
Modified
2024-08-06 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146109-ldap-injection(96173)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-20T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146109-ldap-injection(96173)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"name": "ibm-sim-cve20146109-ldap-injection(96173)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6109",
"datePublished": "2018-04-20T20:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2583 (GCVE-0-2009-2583)
Vulnerability from cvelistv5
Published
2009-07-23 20:00
Modified
2024-08-07 05:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:55.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35779",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35779"
},
{
"name": "IZ55659",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55659"
},
{
"name": "35931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35931"
},
{
"name": "ADV-2009-1990",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1990"
},
{
"name": "1022597",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022597"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24023826"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-08-04T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35779",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35779"
},
{
"name": "IZ55659",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55659"
},
{
"name": "35931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35931"
},
{
"name": "ADV-2009-1990",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1990"
},
{
"name": "1022597",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022597"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24023826"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35779"
},
{
"name": "IZ55659",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55659"
},
{
"name": "35931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35931"
},
{
"name": "ADV-2009-1990",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1990"
},
{
"name": "1022597",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022597"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg24023826",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24023826"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2583",
"datePublished": "2009-07-23T20:00:00",
"dateReserved": "2009-07-23T00:00:00",
"dateUpdated": "2024-08-07T05:59:55.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6112 (GCVE-0-2014-6112)
Vulnerability from cvelistv5
Published
2018-04-20 20:00
Modified
2024-08-06 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-sim-cve20146112-weak-security(96184)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96184"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-20T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-sim-cve20146112-weak-security(96184)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96184"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sim-cve20146112-weak-security(96184)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96184"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6112",
"datePublished": "2018-04-20T20:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2316 (GCVE-0-2009-2316)
Vulnerability from cvelistv5
Published
2009-07-05 16:00
Modified
2024-08-07 05:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later reported that 4.6.0 is also affected by the first vector.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-2106",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2106"
},
{
"name": "IZ54310",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54310"
},
{
"name": "35566",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35566"
},
{
"name": "IZ55518",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55518"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24023640"
},
{
"name": "35696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35696"
},
{
"name": "IZ54311",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54311"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24023929"
},
{
"name": "36119",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36119"
},
{
"name": "55550",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55550"
},
{
"name": "1022508",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022508"
},
{
"name": "ADV-2009-1774",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1774"
},
{
"name": "55551",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55551"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later reported that 4.6.0 is also affected by the first vector."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-07-10T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-2106",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2106"
},
{
"name": "IZ54310",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54310"
},
{
"name": "35566",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35566"
},
{
"name": "IZ55518",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55518"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24023640"
},
{
"name": "35696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35696"
},
{
"name": "IZ54311",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54311"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24023929"
},
{
"name": "36119",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36119"
},
{
"name": "55550",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55550"
},
{
"name": "1022508",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022508"
},
{
"name": "ADV-2009-1774",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1774"
},
{
"name": "55551",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55551"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later reported that 4.6.0 is also affected by the first vector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2106",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2106"
},
{
"name": "IZ54310",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54310"
},
{
"name": "35566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35566"
},
{
"name": "IZ55518",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55518"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg24023640",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24023640"
},
{
"name": "35696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35696"
},
{
"name": "IZ54311",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54311"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg24023929",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24023929"
},
{
"name": "36119",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36119"
},
{
"name": "55550",
"refsource": "OSVDB",
"url": "http://osvdb.org/55550"
},
{
"name": "1022508",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022508"
},
{
"name": "ADV-2009-1774",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1774"
},
{
"name": "55551",
"refsource": "OSVDB",
"url": "http://osvdb.org/55551"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2316",
"datePublished": "2009-07-05T16:00:00",
"dateReserved": "2009-07-05T00:00:00",
"dateUpdated": "2024-08-07T05:44:55.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0961 (GCVE-0-2014-0961)
Vulnerability from cvelistv5
Published
2014-06-08 18:00
Modified
2024-08-06 09:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:40.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-sim-cve20140961-csrf(92747)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92747"
},
{
"name": "59080",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59080"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674754"
},
{
"name": "67909",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-sim-cve20140961-csrf(92747)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92747"
},
{
"name": "59080",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59080"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674754"
},
{
"name": "67909",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67909"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sim-cve20140961-csrf(92747)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92747"
},
{
"name": "59080",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59080"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21674754",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674754"
},
{
"name": "67909",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67909"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0961",
"datePublished": "2014-06-08T18:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:34:40.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-04-20 20:29
Modified
2024-11-21 02:13
Severity ?
Summary
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21698020 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/96173 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21698020 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/96173 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0 | |
| ibm | security_identity_manager | 7.0 | |
| ibm | tivoli_identity_manager | 5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3DD5D1-ADBD-48A0-B359-36E2FF8894A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76E76774-A3B4-4499-8D2E-8EF8BBF11298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC745A1-3B66-42A7-B166-7798879E1B51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173."
},
{
"lang": "es",
"value": "IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 podr\u00edan permitir que usuarios remotos autenticados omitan las restricciones de acceso planeadas y obtengan informaci\u00f3n sensible mediante vectores relacionados con consultas LDAP del lado del servidor. IBM X-Force ID: 96173."
}
],
"id": "CVE-2014-6109",
"lastModified": "2024-11-21T02:13:47.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-20T20:29:00.410",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96173"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-20 20:29
Modified
2024-11-21 02:13
Severity ?
Summary
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21698020 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/96180 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21698020 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/96180 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0 | |
| ibm | security_identity_manager | 7.0 | |
| ibm | tivoli_identity_manager | 5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3DD5D1-ADBD-48A0-B359-36E2FF8894A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76E76774-A3B4-4499-8D2E-8EF8BBF11298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC745A1-3B66-42A7-B166-7798879E1B51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180."
},
{
"lang": "es",
"value": "IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 almacenan credenciales de usuario cifradas y la contrase\u00f1a del keystore en texto claro en los archivos de configuraci\u00f3n, lo que permite que usuarios locales descifren credenciales SIM mediante vectores sin especificar. IBM X-Force ID: 96180."
}
],
"id": "CVE-2014-6111",
"lastModified": "2024-11-21T02:13:47.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-20T20:29:00.457",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96180"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-07-05 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later reported that 4.6.0 is also affected by the first vector.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://osvdb.org/55550 | ||
| cve@mitre.org | http://osvdb.org/55551 | ||
| cve@mitre.org | http://secunia.com/advisories/35696 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/36119 | ||
| cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54310 | Vendor Advisory | |
| cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54311 | ||
| cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55518 | ||
| cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg24023640 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg24023929 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/35566 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1022508 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/1774 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/2106 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/55550 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/55551 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35696 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36119 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54310 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54311 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55518 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg24023640 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg24023929 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35566 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022508 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1774 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2106 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_identity_manager | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D36671F-4B3C-4E23-B1EC-7CF4AA17C08A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later reported that 4.6.0 is also affected by the first vector."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en IBM Tivoli Identity Manager (ITIM) v5.0, permiten a atacantes remotos inyectar secuencias de comandos Web o HTML de su elecci\u00f3n al introducir una URL no especificada en (1) la interfaz del propio servicio UI o (2) la interfaz de la consola."
}
],
"id": "CVE-2009-2316",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-07-05T16:30:00.483",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/55550"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/55551"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35696"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36119"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54310"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54311"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55518"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24023640"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24023929"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35566"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022508"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1774"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/2106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/55550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/55551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55518"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24023640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24023929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/2106"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-07-23 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/35931 | Vendor Advisory | |
| cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55659 | Vendor Advisory | |
| cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg24023826 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/35779 | Patch | |
| cve@mitre.org | http://www.securitytracker.com/id?1022597 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/1990 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35931 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55659 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg24023826 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35779 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022597 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1990 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_identity_manager | 5.0.0.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "95053FE3-56DD-44A8-A2F7-CEC2CFF9D927",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de fijaci\u00f3n de sesi\u00f3n en IBM Tivoli Identity Manager (ITIM) v5.0.0.6 permite a atacantes remotos secuestrar sesiones web mediante vectores no definidos relacionados con (1)la consola y (2) la interfaz de servicio."
}
],
"id": "CVE-2009-2583",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-07-23T20:30:00.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35931"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55659"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24023826"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/35779"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022597"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24023826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/35779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1990"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-20 20:29
Modified
2024-11-21 02:13
Severity ?
Summary
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21698020 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/96184 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21698020 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/96184 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0 | |
| ibm | security_identity_manager | 7.0 | |
| ibm | tivoli_identity_manager | 5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3DD5D1-ADBD-48A0-B359-36E2FF8894A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76E76774-A3B4-4499-8D2E-8EF8BBF11298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC745A1-3B66-42A7-B166-7798879E1B51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184."
},
{
"lang": "es",
"value": "IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 facilitan que atacantes remotos obtengan informaci\u00f3n sensible aprovechando el soporte para cifrados SSL d\u00e9biles. IBM X-Force ID: 96184."
}
],
"id": "CVE-2014-6112",
"lastModified": "2024-11-21T02:13:48.063",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-20T20:29:00.520",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96184"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-18 02:28
Modified
2025-04-09 00:30
Severity ?
Summary
The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/23359 | ||
| cve@mitre.org | http://securitytracker.com/id?1017380 | ||
| cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg21251069 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/21570 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2006/4989 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/30865 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23359 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1017380 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg21251069 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/21570 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/4989 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/30865 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_identity_manager | 4.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3766F49B-2AD2-473E-B2C8-0E776CD7F5BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods."
},
{
"lang": "es",
"value": "El Java Key Store (JKS) para WebSphere Application Server (WAS) para IBM Tivoli Identity Manager (ITIM) 4.6 pone la contrase\u00f1a JKS en una linea de comando -Djavax.net.ssl.trustStorePassword, lo cual permite a un usuario local obtener contrase\u00f1a a traves de listar el proceso o usando otros m\u00e9todos."
}
],
"id": "CVE-2006-6607",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-18T02:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23359"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017380"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21251069"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21570"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4989"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23359"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21251069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30865"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-08 18:55
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://secunia.com/advisories/59080 | ||
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21674754 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/67909 | ||
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/92747 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59080 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21674754 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/67909 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/92747 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0.0 | |
| ibm | security_identity_manager | 6.0.0.1 | |
| ibm | tivoli_identity_manager | 5.0.0 | |
| ibm | tivoli_identity_manager | 5.0.0.6 | |
| ibm | tivoli_identity_manager | 5.0.0.10 | |
| ibm | tivoli_identity_manager | 5.0.0.11 | |
| ibm | tivoli_identity_manager | 5.0.0.12 | |
| ibm | tivoli_identity_manager | 5.0.0.13 | |
| ibm | tivoli_identity_manager | 5.0.0.14 | |
| ibm | tivoli_identity_manager | 5.1.0 | |
| ibm | tivoli_identity_manager | 5.1.0.3 | |
| ibm | tivoli_identity_manager | 5.1.0.4 | |
| ibm | tivoli_identity_manager | 5.1.0.5 | |
| ibm | tivoli_identity_manager | 5.1.0.6 | |
| ibm | tivoli_identity_manager | 5.1.0.7 | |
| ibm | tivoli_identity_manager | 5.1.0.8 | |
| ibm | tivoli_identity_manager | 5.1.0.9 | |
| ibm | tivoli_identity_manager | 5.1.0.10 | |
| ibm | tivoli_identity_manager | 5.1.0.11 | |
| ibm | tivoli_identity_manager | 5.1.0.12 | |
| ibm | tivoli_identity_manager | 5.1.0.13 | |
| ibm | tivoli_identity_manager | 5.1.0.14 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E33900F8-C0A0-4912-BCDF-0DE117AAF745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E94338D-6115-4208-BB3F-9C36BF183B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCF0B8C-6867-4D0A-87A4-82C64AA9C86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "95053FE3-56DD-44A8-A2F7-CEC2CFF9D927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D07428E1-B588-4A69-B634-C4965ADD605A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FA05DF-ABE8-4BE2-BFA5-8E9E174C263C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9513B0C7-2C35-4548-AEBA-12958C997331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.0.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "479E7C83-B386-4E30-B428-4762DC8F6492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.0.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4C17A583-2565-4917-80D6-23CAE784869E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "514CDBA2-128A-4D45-B1FA-3998592D86F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F27262-2B3C-48AC-9010-08EFBE057B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3D399B66-A21B-4568-96E1-6144B9E7FFE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF57795-2ACC-4166-909A-923A8F1BE444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B5FF4231-686D-4B5C-91A8-84E4A556CD00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E7812B8D-28FA-431E-8BBB-CA0508FE91C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6FC602-841C-4FA2-A2D8-594BA434E77B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "312C1D8C-CF39-4C1B-8664-E1D5FA15AEF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DA53BD1F-4E1E-42E7-BEFD-80677408BAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "30228ACD-9E54-4749-862B-9CEBB71F6B48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "106CF004-10C2-4AED-A521-5B156BF46231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C0C827-378A-4AF2-BF24-5DC231AD44E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "CC50BF40-CE04-4BD6-9CEB-ADB825F8686E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en IBM Tivoli Identity Manager (ITIM) 5.0 anterior a 5.0.0.15 y 5.1 anterior a 5.1.0.15 y IBM Security Identity Manager (ISIM) 6.0 anterior a 6.0.0.2 permite a usuarios remotos autenticados secuestrar la autenticaci\u00f3n de usuarios arbitrarios para solicitudes que insertan secuencias de XSS."
}
],
"id": "CVE-2014-0961",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-06-08T18:55:05.093",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/59080"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674754"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/67909"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92747"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-09-18 21:30
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/36511 | Vendor Advisory | |
| cve@mitre.org | http://securitytracker.com/id?1022837 | ||
| cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54747 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36511 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1022837 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54747 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_identity_manager | 5.0.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B4908A93-BA67-4031-8794-F6A87A3A072C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Self Service UI (SSUI) en IBM Tivoli Identity Manager (ITIM) v5.0.0.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de forma arbitraria a trav\u00e9s de el campo \"last name\" en un perfil."
}
],
"evaluatorSolution": "Per http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54747\r\n\r\n A fix is available\r\n\r\nIBM Tivoli Identity Manager, ver 5.0, Interim Fix 5.0.0.6-TIV-TIM-IF0031",
"id": "CVE-2009-3262",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-09-18T21:30:01.063",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36511"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1022837"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1022837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54747"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-20 20:29
Modified
2024-11-21 02:13
Severity ?
Summary
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21698020 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/96172 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21698020 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/96172 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_identity_manager | 6.0 | |
| ibm | security_identity_manager | 7.0 | |
| ibm | tivoli_identity_manager | 5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3DD5D1-ADBD-48A0-B359-36E2FF8894A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76E76774-A3B4-4499-8D2E-8EF8BBF11298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC745A1-3B66-42A7-B166-7798879E1B51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172."
},
{
"lang": "es",
"value": "IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 podr\u00edan permitir que atacantes Man-in-the-Middle (MitM) obtengan informaci\u00f3n sensible aprovechando una conexi\u00f3n no cifrada para las interfaces. IBM X-Force ID: 96172."
}
],
"id": "CVE-2014-6108",
"lastModified": "2024-11-21T02:13:47.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-20T20:29:00.347",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96172"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}