CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4725
https://notcve.org/view.php?id=CVE-2019-4725
06 Oct 2020 — IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131. IBM Security Access Manager Appliance versión 9.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuari... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172131 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4461
https://notcve.org/view.php?id=CVE-2020-4461
20 May 2020 — IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481. El IBM Security Access Manager Appliance versión 9.0.7.1, podría permitir a un usuario autentificado omitir la seguridad al permitir una manipulación de las peticiones de id_token sin verificación. IBM X-Force ID: 181481. • https://exchange.xforce.ibmcloud.com/vulnerabilities/181481 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4158
https://notcve.org/view.php?id=CVE-2019-4158
25 Jun 2019 — IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, no prueba que la identidad de un usuario sea la correcta, lo que puede conllevar a la exposición de recursos o funcionalidades a actores no deseados. ID de IBM X-Force: 158574 • https://exchange.xforce.ibmcloud.com/vulnerabilities/158574 • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4157
https://notcve.org/view.php?id=CVE-2019-4157
25 Jun 2019 — IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la interfa... • https://exchange.xforce.ibmcloud.com/vulnerabilities/158573 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4156
https://notcve.org/view.php?id=CVE-2019-4156
25 Jun 2019 — IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información muy confidencial. ID de IBM X-Force: 158572. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158572 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4153
https://notcve.org/view.php?id=CVE-2019-4153
25 Jun 2019 — IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517. IBM Security Acces... • https://exchange.xforce.ibmcloud.com/vulnerabilities/158517 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4152
https://notcve.org/view.php?id=CVE-2019-4152
25 Jun 2019 — IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, no invalida los tokens de sesión de manera oportuna. La falta de una expiración de sesión apropiada puede permitir a los atacantes con acceso local iniciar sesión en una sesión de navegador cerrada. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158515 • CWE-384: Session Fixation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4151
https://notcve.org/view.php?id=CVE-2019-4151
25 Jun 2019 — IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información muy confidencial. ID de IBM X-Force: 158512. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158512 • CWE-326: Inadequate Encryption Strength •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4150
https://notcve.org/view.php?id=CVE-2019-4150
25 Jun 2019 — IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510. IBM Security Access Manager versión 9.0.1 hasta 9.0.6 no comprueba, o comprueba incorrectamente, un certificado que podría permitir a un atacante falsificar una entidad confiable utilizando un ataque de tipo Man-in-the-middle (MITM). ID de IBM X-Force: 158510. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158510 • CWE-295: Improper Certificate Validation •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4145
https://notcve.org/view.php?id=CVE-2019-4145
25 Jun 2019 — IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, se podría mostrar altamente sensible en condiciones especializadas a un usuario local, lo que podría ser usado en nuevos ataques contra el sistema. ID de IBM X-Force: 158400. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158400 •