Version 7.0.1

CVE-2019-4675

IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511.

MEDIUM CVSS 6.8 Published Feb 04, 2020

CVE-2019-4674

IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 171510.

MEDIUM CVSS 6.8 Published Feb 04, 2020

CVE-2018-1968

IBM Security Identity Manager 7.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153749.

MEDIUM CVSS 5.3 Published Jul 11, 2019

CVE-2018-1970

IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751.

HIGH CVSS 7.1 Published Feb 04, 2019

CVE-2018-1962

IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658.

MEDIUM CVSS 4.0 Published Feb 04, 2019

CVE-2018-1959

IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633.

MEDIUM CVSS 5.1 Published Jan 24, 2019