Ibm: >> Security Identity Manager >> 6.0.0.13 Security Vulnerabilities
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163493.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-02-04
IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162.
CVSS Score
7.2
EPSS Score
0.0
Published
2019-02-04
IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 153628.
CVSS Score
5.9
EPSS Score
0.003
Published
2019-01-14
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153748.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-01-14
IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750.
CVSS Score
9.0
EPSS Score
0.004
Published
2019-01-14