Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
identity manager vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2015-1966
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, as used in Security Access Manager for Mobile and other products, allow remote malicious users to inject arbitrary web s...
Ibm Tivoli Federated Identity Manager 6.2.0
Ibm Tivoli Federated Identity Manager 6.2.1
Ibm Tivoli Federated Identity Manager 6.2.2
5.8
CVSSv2
CVE-2008-0241
Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter.
Sun Java System Identity Manager 6.0
Sun Java System Identity Manager 7.0
Sun Java System Identity Manager 7.1
4.3
CVSSv2
CVE-2016-0353
IBM Security Privileged Identity Manager 2.0 prior to 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission withi...
Ibm Security Privileged Identity Manager 2.0.2
Ibm Security Privileged Identity Manager 2.0.0
Ibm Security Privileged Identity Manager 2.0.1
6.8
CVSSv2
CVE-2008-5115
Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 up to and including 6.0 SP4, 7.0, and 7.1 allows remote malicious users to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.
Sun Java System Identity Manager 6.0
Sun Java System Identity Manager 7.0
Sun Java System Identity Manager 7.1
1 EDB exploit
4.3
CVSSv2
CVE-2008-5114
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 up to and including 6.0 SP4, 7.0, and 7.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Sun Java System Identity Manager 6.0
Sun Java System Identity Manager 7.0
Sun Java System Identity Manager 7.1
7.8
CVSSv2
CVE-2008-5116
Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 up to and including 6.0 SP4, 7.0, and 7.1 allows remote malicious users to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ex...
Sun Java System Identity Manager 6.0
Sun Java System Identity Manager 7.0
Sun Java System Identity Manager 7.1
6.4
CVSSv2
CVE-2008-5117
Open redirect vulnerability in Sun Java System Identity Manager 6.0 up to and including 6.0 SP4, 7.0, and 7.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Sun Java System Identity Manager 6.0
Sun Java System Identity Manager 7.0
Sun Java System Identity Manager 7.1
4.3
CVSSv2
CVE-2008-5118
Sun Java System Identity Manager 6.0 up to and including 6.0 SP4, 7.0, and 7.1 allows remote malicious users to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection."
Sun Java System Identity Manager 6.0
Sun Java System Identity Manager 7.1
Sun Java System Identity Manager 7.0
4
CVSSv2
CVE-2016-2996
IBM Security Privileged Identity Manager 2.0 prior to 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors.
Ibm Security Privileged Identity Manager 2.0.1
Ibm Security Privileged Identity Manager 2.0.0
Ibm Security Privileged Identity Manager 2.0.2
5
CVSSv2
CVE-2017-1319
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731.
Ibm Tivoli Federated Identity Manager 6.2.1
Ibm Tivoli Federated Identity Manager 6.2.2
Ibm Tivoli Federated Identity Manager 6.2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »