Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Security_privileged_identity_manager
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 20 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-04-02 | CVE-2018-1680 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236. | Security_privileged_identity_manager | 7.5 | ||
| 2017-09-28 | CVE-2017-1407 | IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394. | Security_identity_governance_and_intelligence, Security_identity_manager, Security_privileged_identity_manager | N/A | ||
| 2019-04-02 | CVE-2018-1640 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 144580. | Security_privileged_identity_manager | 8.8 | ||
| 2019-04-02 | CVE-2018-1626 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 144411. | Security_privileged_identity_manager | 4.3 | ||
| 2019-04-02 | CVE-2018-1625 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 144410. | Security_privileged_identity_manager | 4.3 | ||
| 2019-04-02 | CVE-2018-1623 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 144408. | Security_privileged_identity_manager | 3.3 | ||
| 2019-04-02 | CVE-2018-1622 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144348. | Security_privileged_identity_manager | 8.8 | ||
| 2019-04-02 | CVE-2018-1618 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144343. | Security_privileged_identity_manager | 7.5 | ||
| 2018-03-30 | CVE-2017-1705 | IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not visible at first it can be obtained by viewing the page source. IBM X-Force ID: 134427. | Security_privileged_identity_manager | 4.3 | ||
| 2017-09-27 | CVE-2017-1483 | IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621. | Security_identity_governance_and_intelligence, Security_identity_manager, Security_privileged_identity_manager | 8.6 |