Vulnerabilities > IBM > Security Privileged Identity Manager > 2.1.1

DATE CVE VULNERABILITY TITLE RISK
2019-04-02 CVE-2018-1680 Weak Password Requirements vulnerability in IBM Security Privileged Identity Manager 2.1.1
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
7.5
7.5
2019-04-02 CVE-2018-1640 Improper Input Validation vulnerability in IBM Security Privileged Identity Manager 2.1.1
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system.
network
low complexity
ibm CWE-20
8.8
8.8
2019-04-02 CVE-2018-1626 Session Fixation vulnerability in IBM Security Privileged Identity Manager 2.1.1
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability.
network
low complexity
ibm CWE-384
4.3
4.3
2019-04-02 CVE-2018-1625 Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.1.1
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, or associated data.
network
low complexity
ibm CWE-200
4.3
4.3
2019-04-02 CVE-2018-1623 Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.1.1
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-200
3.3
3.3
2019-04-02 CVE-2018-1622 Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Privileged Identity Manager 2.1.1
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
8.8
2019-04-02 CVE-2018-1618 Path Traversal vulnerability in IBM Security Privileged Identity Manager 2.1.1
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5
7.5