Vulnerabilities > IBM > Security Privileged Identity Manager
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-02 | CVE-2018-1680 | Weak Password Requirements vulnerability in IBM Security Privileged Identity Manager 2.1.1: IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |
2019-04-02 | CVE-2018-1640 | Improper Input Validation vulnerability in IBM Security Privileged Identity Manager 2.1.1: IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
2019-04-02 | CVE-2018-1626 | Session Fixation vulnerability in IBM Security Privileged Identity Manager 2.1.1: IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. | 4.3 |
2019-04-02 | CVE-2018-1625 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.1.1: IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, or associated data. | 4.3 |
2019-04-02 | CVE-2018-1623 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.1.1: IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. | 3.3 |
2019-04-02 | CVE-2018-1622 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Privileged Identity Manager 2.1.1: IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2019-04-02 | CVE-2018-1618 | Path Traversal vulnerability in IBM Security Privileged Identity Manager 2.1.1: IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. | 7.5 |
2018-03-30 | CVE-2017-1705 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.1.0: IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. | 4.3 |
2018-02-21 | CVE-2016-0366 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0: IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 might allow remote attackers to obtain sensitive information by leveraging weak encryption. | 3.7 |
2017-09-28 | CVE-2017-1483 | Missing Authentication for Critical Function vulnerability in IBM products: IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. | 8.6 |