Security Identity Manager Virtual Appliance
Sign in to watchby IBM
CVEs (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-9704 | Med | 0.40 | 6.1 | 0.00 | Feb 1, 2017 | IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |
| CVE-2016-9703 | Low | 0.16 | 2.4 | 0.00 | Feb 1, 2017 | IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information. |