Vulnerabilities > IBM > Security Identity Manager > 7.0.0.0

DATE CVE VULNERABILITY TITLE RISK
2019-02-04 CVE-2019-4038 Code Injection vulnerability in IBM Security Identity Manager
IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks.
low complexity
ibm CWE-94
6.2
2018-01-12 CVE-2016-0336 Cross-site Scripting vulnerability in IBM Security Identity Manager
Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
2018-01-12 CVE-2016-0335 Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Identity Manager
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
network
low complexity
ibm CWE-352
8.8
2017-09-28 CVE-2017-1483 Missing Authentication for Critical Function vulnerability in IBM products
IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas.
network
low complexity
ibm CWE-306
8.6
2017-09-28 CVE-2017-1407 Command Injection vulnerability in IBM products
IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system.
network
low complexity
ibm CWE-77
8.8
2017-09-18 CVE-2014-6106 Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Identity Manager
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors.
network
low complexity
ibm CWE-352
8.8
2017-02-01 CVE-2016-9739 Credentials Management vulnerability in IBM Security Identity Manager
IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user.
local
low complexity
ibm CWE-255
7.8