Ibm Security Identity Manager Virtual Appliance — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Security Identity Manager Virtual Appliance, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2016-0332 — CVSS 9.8 (critical): IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed…
CVE-2016-0324 — CVSS 8.8 (high): IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated…
CVE-2016-0327 — CVSS 7.8 (high): IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain…
CVE-2019-4676 — CVSS 7.8 (high): IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM…
CVE-2016-9704 — CVSS 6.1 (medium): IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2018-1968 — CVSS 5.3 (medium): IBM Security Identity Manager 7.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further…
CVE-2019-4704 — CVSS 4.3 (medium): IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies…
CVE-2016-0367 — CVSS 4.3 (medium): IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 allows remote authenticated users to obtain sensitive…
CVE-2016-0351 — CVSS 3.7 (low): IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in…
CVE-2019-4705 — CVSS 2.7 (low): IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to…
CVE-2019-4706 — CVSS 2.7 (low): IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable…
CVE-2016-9703 — CVSS 2.4 (low): IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical…