Vulnerabilities > IBM > Security Identity Manager Virtual Appliance > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-07-01 CVE-2019-4704 Missing Encryption of Sensitive Data vulnerability in IBM Security Identity Manager Virtual Appliance 7.0.2
IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-311
4.3
2019-07-11 CVE-2018-1968 Information Exposure vulnerability in IBM Security Identity Manager Virtual Appliance 7.0.1/7.0.1.12
IBM Security Identity Manager 7.0.1 discloses sensitive information to unauthorized users.
network
low complexity
ibm CWE-200
5.3
2018-02-21 CVE-2016-0367 Information Exposure vulnerability in IBM Security Identity Manager Virtual Appliance
IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 allows remote authenticated users to obtain sensitive information by reading an error message.
network
low complexity
ibm CWE-200
4.3
2017-02-01 CVE-2016-9704 Cross-site Scripting vulnerability in IBM Security Identity Manager Virtual Appliance
IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1