Latest ibm security identity governance and intelligence Vulnerabilities

CVE-2020-4957
IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208.
IBM Security Identity Governance and Intelligence=5.2.6
IBM Security Identity Governance and Intelligence<=5.2.6
IBM-6586142
IBM Security Identity Governance and Intelligence<=5.2.6
IBM-6587435
IBM Security Identity Governance and Intelligence<=5.2.6
CVE-2020-4970
IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport ...
IBM Security Identity Manager=5.2.4
IBM Security Identity Manager=5.2.5
IBM Security Identity Manager=5.2.6
IBM Security Identity Governance and Intelligence<=5.2.6
IBM-6403247
IBM Security Identity Governance and Intelligence<=5.2.6
IBM-6413391
IBM Security Identity Governance and Intelligence<=5.2.6
CVE-2020-4795
IBM Security Access Manager Appliance could disclose sensitive information to an unauthorized user using a specially crafted HTTP request.
IBM Security Identity Governance and Intelligence<=5.2.6
IBM Security Identity Governance and Intelligence=5.2.6
IBM-6413399
IBM Security Identity Governance and Intelligence<=5.2.6
CVE-2020-4791
IBM Security Access Manager Appliance could allow an attacker to obtain sensitive information using main in the middle attacks due to improper certificate validation.
IBM Security Identity Governance and Intelligence<=5.2.6
IBM Security Identity Governance and Intelligence=5.2.6
IBM-6413393
IBM Security Identity Governance and Intelligence<=5.2.6
IBM-6403241
IBM Security Identity Governance and Intelligence<=5.2.6
IBM-6413389
IBM Security Identity Governance and Intelligence<=5.2.6
CVE-2020-4995
IBM Security Access Manager does not invalidate session after logout which could allow a user to obtain sensitive information from another users' session.
IBM Security Identity Governance and Intelligence<=5.2.6
IBM Security Identity Governance and Intelligence=5.2.6
IBM-6403265
IBM Security Identity Governance and Intelligence<=5.2.6
CVE-2020-4958
IBM Security Identity Governance Virtual Appliance does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
IBM Security Identity Governance and Intelligence<=5.2.6
IBM Security Identity Governance and Intelligence=5.2.6
CVE-2020-4790
IBM Security Access Manager Appliance could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering the application unusuable.
IBM Security Identity Governance and Intelligence<=5.2.6
IBM Security Identity Governance and Intelligence=5.2.6
CVE-2020-4996
IBM Security Identity Governance and Intelligence<=5.2.6
IBM Security Identity Governance and Intelligence=5.2.6
CVE-2020-4968
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.
IBM Security Identity Governance and Intelligence=5.2.6
IBM Security Identity Governance and Intelligence<=5.2.6
IBM-6403257
IBM Security Identity Governance and Intelligence<=5.2.6
IBM-6403233
IBM Security Identity Governance and Intelligence<=5.2.6
CVE-2020-4969
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attac...
IBM Security Identity Governance and Intelligence=5.2.6
IBM Security Identity Governance and Intelligence<=5.2.6
CVE-2020-4243
IBM Security Identity Governance Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session tokens.
IBM Security Identity Governance and Intelligence<=5.2.6
IBM Security Identity Governance and Intelligence=5.2.6
IBM-6207913
IBM Security Identity Governance and Intelligence<=5.2.6
IBM-6207911
IBM Security Identity Governance and Intelligence<=5.2.6
CVE-2020-4249
IBM Security Identity Governance Virtual Appliance could disclose highly sensitive information to other authenticated users on the sytem due to incorrect authorization.
IBM Security Identity Governance and Intelligence<=5.2.6
IBM Security Identity Governance and Intelligence=5.2.6
CVE-2020-4246
IBM Security Identity Governance Virtual Appliance is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose...
IBM Security Identity Governance and Intelligence<=5.2.6
IBM Security Identity Governance and Intelligence=5.2.6
IBM-6207905
IBM Security Identity Governance and Intelligence<=5.2.6
IBM-6207912
IBM Security Identity Governance and Intelligence<=5.2.6
CVE-2020-4248
IBM Security Identity Governance Virtual Appliance could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information c...
IBM Security Identity Governance and Intelligence<=5.2.6
IBM Security Identity Governance and Intelligence=5.2.6
CVE-2020-4233
IBM Security Identity Governance Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By in...
IBM Security Identity Governance and Intelligence<=5.2.6
IBM Security Identity Governance and Intelligence=5.2.6
IBM-6207902
IBM Security Identity Governance and Intelligence<=5.2.6
IBM-6207907
IBM Security Identity Governance and Intelligence<=5.2.6
IBM-6207908
IBM Security Identity Governance and Intelligence<=5.2.6
IBM-6207906
IBM Security Identity Governance and Intelligence<=5.2.6
CVE-2020-4232
IBM Security Identity Governance Virtual Appliance could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the system.
IBM Security Identity Governance and Intelligence<=5.2.6
IBM Security Identity Governance and Intelligence=5.2.6
CVE-2020-4245
IBM Security Identity Governance Virtual Appliance does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
IBM Security Identity Governance and Intelligence<=5.2.6
IBM Security Identity Governance and Intelligence=5.2.6
CVE-2018-1944
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound auth...
IBM Security Identity Governance and Intelligence>=5.2<=5.2.4.1
CVE-2018-1946
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used...
IBM Security Identity Governance and Intelligence>=5.2<=5.2.4.1
CVE-2018-1945
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a mal...
IBM Security Identity Governance and Intelligence>=5.2<=5.2.4.1
CVE-2018-1948
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the c...
IBM Security Identity Governance and Intelligence>=5.2<=5.2.4.1
CVE-2018-1947
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the...
IBM Security Identity Governance and Intelligence>=5.2<=5.2.4.1
CVE-2018-1756
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to vie...
IBM Security Identity Governance and Intelligence=5.2.3.2
IBM Security Identity Governance and Intelligence=5.2.4
CVE-2018-1757
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. IBM X-Force...
IBM Security Identity Governance and Intelligence=5.2.3.2
IBM Security Identity Governance and Intelligence=5.2.4
CVE-2017-1411
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accou...
IBM Security Identity Governance and Intelligence=5.2
IBM Security Identity Governance and Intelligence=5.2.1
IBM Security Identity Governance and Intelligence=5.2.2
IBM Security Identity Governance and Intelligence=5.2.2.1
IBM Security Identity Governance and Intelligence=5.2.3
IBM Security Identity Governance and Intelligence=5.2.3.1
and 1 more
CVE-2017-1755
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 could allow a local attacker to inject commands into malicious files that could be executed by the administrator. IBM X-Force ID:...
IBM Security Identity Governance and Intelligence=5.2
IBM Security Identity Governance and Intelligence=5.2.1
IBM Security Identity Governance and Intelligence=5.2.2
IBM Security Identity Governance and Intelligence=5.2.2.1
IBM Security Identity Governance and Intelligence=5.2.3
IBM Security Identity Governance and Intelligence=5.2.3.1
and 1 more
CVE-2017-1366
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Fo...
IBM Security Identity Governance and Intelligence=5.2
IBM Security Identity Governance and Intelligence=5.2.1
IBM Security Identity Governance and Intelligence=5.2.2
IBM Security Identity Governance and Intelligence=5.2.2.1
IBM Security Identity Governance and Intelligence=5.2.3
IBM Security Identity Governance and Intelligence=5.2.3.1
and 1 more
CVE-2017-1396
IBM Security Identity Governance and Intelligence=5.2
IBM Security Identity Governance and Intelligence=5.2.1
IBM Security Identity Governance and Intelligence=5.2.2
IBM Security Identity Governance and Intelligence=5.2.2.1
IBM Security Identity Governance and Intelligence=5.2.3
IBM Security Identity Governance and Intelligence=5.2.3.1
and 1 more
CVE-2017-1412
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: ...
IBM Security Identity Governance and Intelligence=5.2
IBM Security Identity Governance and Intelligence=5.2.1
IBM Security Identity Governance and Intelligence=5.2.2
IBM Security Identity Governance and Intelligence=5.2.2.1
IBM Security Identity Governance and Intelligence=5.2.3
IBM Security Identity Governance and Intelligence=5.2.3.1
and 1 more
CVE-2017-1368
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by s...
IBM Security Identity Governance and Intelligence=5.2
IBM Security Identity Governance and Intelligence=5.2.1
IBM Security Identity Governance and Intelligence=5.2.2
IBM Security Identity Governance and Intelligence=5.2.2.1
IBM Security Identity Governance and Intelligence=5.2.3
IBM Security Identity Governance and Intelligence=5.2.3.1
and 1 more
CVE-2017-1395
IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Str...
IBM Security Identity Governance and Intelligence>=5.2<=5.2.3.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203