Skip to main content

Security Identity Governance And Intelligence

13 CVEs product

Monthly

CVE-2020-4243 LOW PATCH Monitor

IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

IBM Session Fixation Information Disclosure Security Identity Governance And Intelligence
NVD
CVSS 3.1
3.7
EPSS
0.9%
CVE-2020-4248 LOW Monitor

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
CVSS 3.1
2.7
EPSS
1.0%
CVE-2020-4249 MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the sytem due to incorrect authorization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Identity Governance And Intelligence
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-4246 HIGH PATCH This Week

IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Security Identity Governance And Intelligence
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2020-4245 HIGH PATCH This Week

IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Brute Force Security Identity Governance And Intelligence
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-4244 MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-4233 MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-4232 HIGH PATCH This Week

IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-4231 MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Identity Governance And Intelligence
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2018-1757 MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass IBM Security Identity Governance And Intelligence
NVD
CVSS 3.0
5.3
EPSS
1.7%
CVE-2018-1756 HIGH POC PATCH THREAT This Week

IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi IBM Security Identity Governance And Intelligence
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
10.6%
CVE-2017-1483 HIGH PATCH This Week

IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

IBM Authentication Bypass Security Identity Governance And Intelligence Security Identity Manager Security Privileged Identity Manager
NVD
CVSS 3.0
8.6
EPSS
0.5%
CVE-2017-1407 HIGH PATCH This Week

IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

IBM Command Injection Security Identity Governance And Intelligence Security Identity Manager Security Privileged Identity Manager
NVD
CVSS 3.1
8.8
EPSS
3.9%
EPSS 1% CVSS 3.7
LOW PATCH Monitor

IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

IBM Session Fixation Information Disclosure +1
NVD
EPSS 1% CVSS 2.7
LOW Monitor

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the sytem due to incorrect authorization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Identity Governance And Intelligence
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Security Identity Governance And Intelligence
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Brute Force +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Identity Governance And Intelligence
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass IBM Security Identity Governance And Intelligence
NVD
EPSS 11% CVSS 7.5
HIGH POC PATCH THREAT This Week

IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi IBM Security Identity Governance And Intelligence
NVD Exploit-DB
EPSS 1% CVSS 8.6
HIGH PATCH This Week

IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

IBM Authentication Bypass Security Identity Governance And Intelligence +2
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

IBM Command Injection Security Identity Governance And Intelligence +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy