Ibm Security Identity Governance And Intelligence — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Security Identity Governance And Intelligence, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (39)
CVE-2020-4958 — CVSS 9.8 (critical): IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user…
CVE-2017-1407 — CVSS 8.8 (high): IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on…
CVE-2017-1483 — CVSS 8.6 (high): IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality…
CVE-2020-4795 — CVSS 8.2 (high): IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially…
CVE-2018-1756 — CVSS 7.5 (high): IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send…
CVE-2020-4245 — CVSS 7.5 (high): IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it…
CVE-2020-4232 — CVSS 7.5 (high): IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials…
CVE-2020-4246 — CVSS 7.1 (high): IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML…
CVE-2017-1755 — CVSS 6.5 (medium): IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 could allow a local attacker to inject commands into malicious files…
CVE-2020-4968 — CVSS 6.5 (medium): IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to…
CVE-2020-4231 — CVSS 6.5 (medium): IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous…
CVE-2020-4790 — CVSS 6.5 (medium): IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a…
CVE-2020-4249 — CVSS 6.5 (medium): IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the…
CVE-2018-1947 — CVSS 6.1 (medium): IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This…
CVE-2018-1945 — CVSS 6.1 (medium): IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the…
CVE-2018-1946 — CVSS 5.9 (medium): IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and…
CVE-2017-1366 — CVSS 5.9 (medium): IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 uses weaker than expected cryptographic algorithms that could allow…
CVE-2017-1395 — CVSS 5.9 (medium): IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 could allow a remote attacker to obtain sensitive…
CVE-2017-1411 — CVSS 5.9 (medium): IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default…
CVE-2020-4969 — CVSS 5.9 (medium): IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the…
CVE-2020-4996 — CVSS 5.5 (medium): IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of…
CVE-2018-1757 — CVSS 5.3 (medium): IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing…
CVE-2020-4791 — CVSS 5.3 (medium): IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to obtain sensitive information using main in the middle…
CVE-2020-4244 — CVSS 5.3 (medium): IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user…
CVE-2020-4957 — CVSS 5.3 (medium): IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future…
CVE-2020-4233 — CVSS 5.3 (medium): IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the…
CVE-2020-4995 — CVSS 5.3 (medium): IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain…
CVE-2017-1409 — CVSS 5.3 (medium): IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 discloses sensitive information to unauthorized users. The…
CVE-2018-1944 — CVSS 5.1 (medium): IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password…
CVE-2018-1950 — CVSS 4.3 (medium): IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance generates an error message that includes sensitive…
CVE-2018-1949 — CVSS 4.3 (medium): IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance discloses sensitive information to unauthorized…
CVE-2018-1948 — CVSS 4.3 (medium): IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization…
CVE-2017-1412 — CVSS 4.3 (medium): IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 generates an error message that includes sensitive information about…
CVE-2020-4966 — CVSS 4.3 (medium): IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies…
CVE-2017-1368 — CVSS 4.3 (medium): IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not set the secure attribute on authorization tokens or session…
CVE-2017-1396 — CVSS 4.2 (medium): IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 specifies permissions for a security-critical resource in a way that…
CVE-2017-1367 — CVSS 3.7 (low): IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 stores sensitive information in URL parameters…
CVE-2020-4243 — CVSS 3.7 (low): IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information…
CVE-2020-4248 — CVSS 2.7 (low): IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed…