Vulnerabilities > IBM > Security Identity Manager > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-16 | CVE-2021-20488 | Unspecified vulnerability in IBM Security Identity Manager 6.0.2 IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. network ibm | 3.5 |
| 2020-02-04 | CVE-2019-4451 | Cross-site Scripting vulnerability in IBM Security Identity Manager IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. | 3.5 |
| 2019-02-04 | CVE-2018-1962 | Session Fixation vulnerability in IBM Security Identity Manager IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. | 2.1 |
| 2018-04-20 | CVE-2014-6109 | Improper Access Control vulnerability in IBM Security Identity Manager and Tivoli Identity Manager IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. | 3.5 |
| 2018-04-20 | CVE-2014-6111 | Credentials Management vulnerability in IBM Security Identity Manager and Tivoli Identity Manager IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. | 2.1 |
| 2018-01-12 | CVE-2016-0336 | Cross-site Scripting vulnerability in IBM Security Identity Manager Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2017-09-25 | CVE-2017-1362 | Insufficiently Protected Credentials vulnerability in IBM Security Identity Manager 6.0/7.0 IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. | 2.1 |
| 2017-02-01 | CVE-2016-9739 | Credentials Management vulnerability in IBM Security Identity Manager IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user. | 2.1 |
| 2014-11-18 | CVE-2014-6110 | Improper Access Control vulnerability in IBM Security Identity Manager IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation. | 2.1 |