Ibm: >> Security Privileged Identity Manager Security Vulnerabilities
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144343.
CVSS Score
7.7
EPSS Score
0.005
Published
2019-04-02
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144348.
CVSS Score
4.3
EPSS Score
0.001
Published
2019-04-02
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 144408.
CVSS Score
4.0
EPSS Score
0.001
Published
2019-04-02
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 144410.
CVSS Score
4.3
EPSS Score
0.002
Published
2019-04-02
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 144411.
CVSS Score
3.1
EPSS Score
0.002
Published
2019-04-02
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 144580.
CVSS Score
8.8
EPSS Score
0.034
Published
2019-04-02
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236.
CVSS Score
5.9
EPSS Score
0.002
Published
2019-04-02
IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not visible at first it can be obtained by viewing the page source. IBM X-Force ID: 134427.
CVSS Score
4.3
EPSS Score
0.002
Published
2018-03-30
IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 might allow remote attackers to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 112071.
CVSS Score
3.7
EPSS Score
0.001
Published
2018-02-21
IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621.
CVSS Score
8.6
EPSS Score
0.005
Published
2017-09-28
Page 1