VYPR

Security Identity Manager

by IBM

CVEs (51)

  • CVE-2014-6110 Nov 18, 2014
    risk 0.00 cvss epss 0.01

    IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation.

  • CVE-2014-6107 Nov 18, 2014
    risk 0.00 cvss epss 0.02

    IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.

  • CVE-2014-6105 Nov 18, 2014
    risk 0.00 cvss epss 0.02

    IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

  • CVE-2014-6098 Nov 18, 2014
    risk 0.00 cvss epss 0.03

    IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request.

  • CVE-2014-6096 Nov 18, 2014
    risk 0.00 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2014-6095 Nov 18, 2014
    risk 0.00 cvss epss 0.04

    Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2014-0961 Jun 8, 2014
    risk 0.00 cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for…

  • CVE-2009-3262 Sep 18, 2009
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile.

  • CVE-2009-2583 Jul 23, 2009
    risk 0.00 cvss epss 0.01

    Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces.

  • CVE-2009-2316 Jul 5, 2009
    risk 0.00 cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later…

  • CVE-2006-6607 Dec 18, 2006
    risk 0.00 cvss epss 0.00

    The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other…

Page 3 of 3