Ibm

Security Identity Governance And Intelligence

39 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2020-4957

  • EPSS 0.16%
  • Veröffentlicht 17.05.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 05:33:28

IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208.

5.5

CVE-2020-4996

  • EPSS 0.05%
  • Veröffentlicht 09.02.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:33:31

IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials. IBM X-Force ID: 192913.

5.3

CVE-2020-4995

  • EPSS 0.12%
  • Veröffentlicht 09.02.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:33:31

IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain sensitive information from another users' session. IBM X-Force ID: 192912.

8.2

CVE-2020-4795

  • EPSS 0.12%
  • Veröffentlicht 09.02.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:33:16

IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request. IBM X-Force ID: 189446.

5.3

CVE-2020-4791

  • EPSS 0.05%
  • Veröffentlicht 09.02.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:33:15

IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to obtain sensitive information using main in the middle attacks due to improper certificate validation. IBM X-Force ID: 189379.

6.5

CVE-2020-4790

  • EPSS 0.1%
  • Veröffentlicht 09.02.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:33:15

IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering the application unusuable. IBM X-Force ID: 189375.

5.9

CVE-2020-4969

  • EPSS 0.12%
  • Veröffentlicht 21.01.2021 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:33:29

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sen...

6.5

CVE-2020-4968

  • EPSS 0.05%
  • Veröffentlicht 21.01.2021 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:33:29

IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.

4.3

CVE-2020-4966

  • EPSS 0.36%
  • Veröffentlicht 21.01.2021 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:33:29

IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a sit...

9.8

CVE-2020-4958

  • EPSS 0.47%
  • Veröffentlicht 21.01.2021 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:33:28

IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM X-Force ID: 192209.