IBM » Security Identity Manager : Security Vulnerabilities, CVEs, CVSS score >= 8
IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015
Max CVSS: 8.8; EPSS Score: 0.09%; Published: 2021-05-20; Updated: 2022-07-12
IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511.
Max CVSS: 9.8; EPSS Score: 0.12%; Published: 2020-02-04; Updated: 2020-02-12
IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 166456.
Max CVSS: 9.3; EPSS Score: 1.24%; Published: 2019-11-20; Updated: 2019-11-22
IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750.
Max CVSS: 9.9; EPSS Score: 0.14%; Published: 2019-01-14; Updated: 2019-10-09
IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055.
Max CVSS: 8.8; EPSS Score: 0.14%; Published: 2018-06-08; Updated: 2019-10-09
IBM Security Identity Manager Adapters 6.0 and 7.0 do not perform an authentication check for a critical resource or functionality, allowing anonymous users access to protected areas. IBM X-Force ID: 128621.
Max CVSS: 8.6; EPSS Score: 0.22%; Published: 2017-09-28; Updated: 2017-10-06
IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394.
Max CVSS: 9.0; EPSS Score: 0.25%; Published: 2017-09-28; Updated: 2020-07-20
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736.
Max CVSS: 8.8; EPSS Score: 0.07%; Published: 2018-01-12; Updated: 2018-01-29
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors.
Max CVSS: 8.8; EPSS Score: 0.10%; Published: 2017-09-18; Updated: 2017-09-22
9 vulnerabilities found