CVE-2017-1489
https://notcve.org/view.php?id=CVE-2017-1489
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687. Las configuraciones e-community de IBM Security Access Manager 6.1, 7.0, 8.0, y 9.0 podrían estar afectadas por una vulnerabilidad de redirección. ECSSO Master Authentication puede redireccionar a un servidor que no participa en un dominio e-community. • http://www.ibm.com/support/docview.wss?uid=swg22006959 http://www.securityfocus.com/bid/100592 http://www.securitytracker.com/id/1039227 https://exchange.xforce.ibmcloud.com/vulnerabilities/128687 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2014-3053
https://notcve.org/view.php?id=CVE-2014-3053
The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials. Local Management Interface (LMI) en IBM Security Access Manager (ISAM) for Mobile 8.0 con firmware 8.0.0.0 hasta 8.0.0.3 y IBM Security Access Manager for Web 7.0 y 8.0 con firmware 8.0.0.2 y 8.0.0.3, permite a atacantes remotos evadir autenticación a través de una acción de inicio de sesión con credenciales inválidas. • http://secunia.com/advisories/59381 http://secunia.com/advisories/59438 http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557 http://www-01.ibm.com/support/docview.wss?uid=swg21676389 http://www-01.ibm.com/support/docview.wss?uid=swg21676700 http://www.securityfocus.com/bid/68132 https://exchange.xforce.ibmcloud.com/vulnerabilities/93501 • CWE-287: Improper Authentication •
CVE-2014-3073
https://notcve.org/view.php?id=CVE-2014-3073
Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en IBM Security Access Manager (ISAM) for Mobile 8.0 y IBM Security Access Manager for Web 7.0 y 8.0 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • http://secunia.com/advisories/59438 http://www-01.ibm.com/support/docview.wss?uid=swg1IV61563 http://www-01.ibm.com/support/docview.wss?uid=swg21676699 http://www.securityfocus.com/bid/68137 https://exchange.xforce.ibmcloud.com/vulnerabilities/93790 •