Ibm: >> Security Identity Manager Virtual Appliance >> 7.0.2 Security Vulnerabilities
IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171512.
CVSS Score
6.3
EPSS Score
0.001
Published
2020-07-01
IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172014.
CVSS Score
3.7
EPSS Score
0.001
Published
2020-07-01
IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015.
CVSS Score
2.7
EPSS Score
0.001
Published
2020-07-01
IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016.
CVSS Score
2.7
EPSS Score
0.001
Published
2020-07-01