Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
security identity manager virtual appliance vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2015-3193
The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 prior to 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote malicious users to obt...
Openssl Openssl 1.0.2a
Openssl Openssl 1.0.2b
Openssl Openssl 1.0.2c
Openssl Openssl 1.0.2
Openssl Openssl 1.0.2d
Nodejs Node.js
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
1 Github repository
7.4
CVSSv3
CVE-2016-0340
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 up to and including 7.0.1.1 prior to 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote malicious users to hijack sessions by leveraging an unattended workstation.
Ibm Security Identity Manager Adapter 7.0.0.2
Ibm Security Identity Manager Adapter 7.0.0.1
Ibm Security Identity Manager Adapter 7.0.0.0
Ibm Security Identity Manager Adapter 7.0.1.1
Ibm Security Identity Manager Adapter 7.0.1.0
Ibm Security Identity Manager Adapter 7.0.0.3
7.3
CVSSv3
CVE-2016-0330
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 up to and including 7.0.1.1 prior to 7.0.1-ISS-SIM-FP0003 mishandles password creation, which makes it easier for remote malicious users to obtain access by leveraging an attack against the password algorithm.
Ibm Security Identity Manager Adapter 7.0.1.1
Ibm Security Identity Manager Adapter 7.0.0.2
Ibm Security Identity Manager Adapter 7.0.0.1
Ibm Security Identity Manager Adapter 7.0.0.0
Ibm Security Identity Manager Adapter 7.0.1.0
Ibm Security Identity Manager Adapter 7.0.0.3
7.1
CVSSv3
CVE-2018-2019
IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 155265.
Ibm Security Identity Manager 6.0.0.18
Ibm Security Identity Manager 6.0.0.19
Ibm Security Identity Manager 6.0.0.20
Ibm Security Identity Manager 6.0.0.1
Ibm Security Identity Manager 6.0.0.6
Ibm Security Identity Manager 6.0.0.14
Ibm Security Identity Manager 6.0.0.2
Ibm Security Identity Manager 6.0.0.4
Ibm Security Identity Manager 6.0.0
Ibm Security Identity Manager 6.0.0.5
Ibm Security Identity Manager 6.0.0.10
Ibm Security Identity Manager 6.0.0.3
Ibm Security Identity Manager 6.0.0.0
7.1
CVSSv3
CVE-2016-5971
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x prior to 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with ...
Ibm Security Privileged Identity Manager Virtual Appliance
6.8
CVSSv3
CVE-2016-5972
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x prior to 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
Ibm Security Privileged Identity Manager Virtual Appliance
6.8
CVSSv3
CVE-2016-3040
IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x prior to 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Ibm Security Privileged Identity Manager Virtual Appliance 2.0
6.6
CVSSv3
CVE-2021-44832
Apache Log4j2 versions 2.0-beta7 up to and including 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the tar...
Apache Log4j 2.0
Apache Log4j
Oracle Weblogic Server 12.2.1.3.0
Oracle Primavera Unifier 18.8
Oracle Weblogic Server 12.2.1.4.0
Oracle Primavera Unifier 19.12
Oracle Weblogic Server 14.1.1.0.0
Oracle Primavera Unifier 20.12
Oracle Communications Interactive Session Recorder 6.3
Oracle Communications Interactive Session Recorder 6.4
Oracle Primavera Gateway
Oracle Retail Assortment Planning 16.0.3
Oracle Primavera Unifier 21.12
Oracle Primavera P6 Enterprise Project Portfolio Management 21.12.0.0
Oracle Primavera P6 Enterprise Project Portfolio Management
Oracle Primavera Gateway 21.12.0
Oracle Retail Fiscal Management 14.2
Oracle Siebel Ui Framework 21.12
Oracle Communications Diameter Signaling Router
Cisco Cloudcenter 4.10.0.16
Fedoraproject Fedora 34
Fedoraproject Fedora 35
34 Github repositories
4 Articles
6.5
CVSSv3
CVE-2015-7851
Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP prior to 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite ...
Ntp Ntp
Ntp Ntp 4.2.8
6.5
CVSSv3
CVE-2018-0229
A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance (ASA) Software, and Cisco Firepower Threat Defense (FTD) Sof...
Cisco Anyconnect Secure Mobility Client 4.6\\(200\\)
Cisco Adaptive Security Appliance Software 9.8\\(1.245\\)
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »