Ibm Security Identity Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Security Identity Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (43)
CVE-2019-4675 — CVSS 9.8 (critical): IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own…
CVE-2018-1969 — CVSS 9.0 (critical): IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed…
CVE-2016-0335 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before…
CVE-2021-29686 — CVSS 8.8 (high): IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have…
CVE-2014-6106 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the…
CVE-2019-4561 — CVSS 8.8 (high): IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of…
CVE-2018-1453 — CVSS 8.8 (high): IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that…
CVE-2017-1407 — CVSS 8.8 (high): IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on…
CVE-2017-1483 — CVSS 8.6 (high): IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality…
CVE-2017-1362 — CVSS 7.8 (high): IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM…
CVE-2014-6111 — CVSS 7.8 (high): IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and…
CVE-2016-9739 — CVSS 7.8 (high): IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user.
CVE-2021-29688 — CVSS 7.5 (high): IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message…
CVE-2021-29691 — CVSS 7.5 (high): IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own…
CVE-2018-2019 — CVSS 7.1 (high): IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to a XML External Entity Injection (XXE) attack when processing XML…
CVE-2021-20488 — CVSS 6.5 (medium): IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD…
CVE-2021-20483 — CVSS 6.5 (medium): IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote…
CVE-2021-29683 — CVSS 6.5 (medium): IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID…
CVE-2019-4038 — CVSS 6.2 (medium): IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application…
CVE-2021-29864 — CVSS 6.1 (medium): IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By…
CVE-2018-1967 — CVSS 6.1 (medium): IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2014-6168 — CVSS 6.0 (medium): Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated…
CVE-2014-0961 — CVSS 6.0 (medium): Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM…
CVE-2021-29692 — CVSS 5.9 (medium): IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable…
CVE-2014-6112 — CVSS 5.9 (medium): IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and…
CVE-2014-6108 — CVSS 5.9 (medium): IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and…
CVE-2020-4970 — CVSS 5.9 (medium): IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information…
CVE-2018-1956 — CVSS 5.9 (medium): IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for…
CVE-2016-0336 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before…
CVE-2019-4451 — CVSS 5.4 (medium): IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2014-6109 — CVSS 5.3 (medium): IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and…
CVE-2021-29687 — CVSS 5.3 (medium): IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and…
CVE-2021-29682 — CVSS 5.3 (medium): IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message…
CVE-2018-1959 — CVSS 5.1 (medium): IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it…
CVE-2014-6095 — CVSS 5.0 (medium): Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files…
CVE-2014-6098 — CVSS 5.0 (medium): IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request.
CVE-2019-4674 — CVSS 4.9 (medium): IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a…
CVE-2017-1405 — CVSS 4.4 (medium): IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the…
CVE-2014-6107 — CVSS 4.3 (medium): IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the…
CVE-2014-6096 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject…
CVE-2014-6105 — CVSS 4.3 (medium): IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2018-1962 — CVSS 4.0 (medium): IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of…
CVE-2014-6110 — CVSS 2.1 (low): IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access…