VYPR

Security Identity Manager Adapter

by IBM

CVEs (11)

  • CVE-2017-1483HigSep 28, 2017
    risk 0.56cvss 8.6epss 0.01

    IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621.

  • CVE-2017-1362HigSep 25, 2017
    risk 0.51cvss 7.8epss 0.00

    IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801.

  • CVE-2016-0340HigJul 15, 2016
    risk 0.48cvss 7.4epss 0.01

    IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging an unattended workstation.

  • CVE-2016-0330HigJul 15, 2016
    risk 0.48cvss 7.3epss 0.01

    IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles password creation, which makes it easier for remote attackers to obtain access by leveraging an attack against the password algorithm.

  • CVE-2016-0338MedJul 15, 2016
    risk 0.40cvss 6.2epss 0.00

    IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows local users to discover cleartext passwords by (1) reading a configuration file or (2) examining a process.

  • CVE-2016-0339MedJul 15, 2016
    risk 0.37cvss 5.6epss 0.01

    IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records."

  • CVE-2016-0357MedJul 15, 2016
    risk 0.28cvss 4.3epss 0.01

    IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows remote attackers to conduct clickjacking attacks via a crafted web site.

  • CVE-2021-20574Jun 28, 2021
    risk 0.00cvss epss 0.02

    IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and takeover other accounts. IBM X-Force ID: 199252.

  • CVE-2021-20573Jun 28, 2021
    risk 0.00cvss epss 0.01

    IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the and cause the server to crash. IBM X-Force ID: 199249.

  • CVE-2021-20572Jun 28, 2021
    risk 0.00cvss epss 0.01

    IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the and cause the server to crash. IBM X-Force ID: 199247.

  • CVE-2021-20494Jun 28, 2021
    risk 0.00cvss epss 0.01

    IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap based buffer overflow, caused by improper bounds. An authenticared user could overflow the buffer and cause the service to crash. IBM X-Force ID: 197882.