
CVSS: 6.1 • EPSS: 0% • CPEs: 33 • EXPL: 0

IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676.
• http://www.ibm.com/support/docview.wss?uid=swg22008936 http://www.securityfocus.com/bid/102509 http://www.securitytracker.com/id/1040169 https://exchange.xforce.ibmcloud.com/vulnerabilities/130676
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

IBM Security Access Manager Appliance 9.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128612.
• http://www.ibm.com/support/docview.wss?uid=swg22009240 https://exchange.xforce.ibmcloud.com/vulnerabilities/128612
• CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 128372.
• http://www.ibm.com/support/docview.wss?uid=swg22009242 https://exchange.xforce.ibmcloud.com/vulnerabilities/128372
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 164 • EXPL: 0

IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.
• http://www.ibm.com/support/docview.wss?uid=swg22006959 http://www.securityfocus.com/bid/100592 http://www.securitytracker.com/id/1039227 https://exchange.xforce.ibmcloud.com/vulnerabilities/128687
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714.
• http://www.ibm.com/support/docview.wss?uid=swg21995724 http://www.securityfocus.com/bid/98912 http://www.securitytracker.com/id/1038615 https://exchange.xforce.ibmcloud.com/vulnerabilities/114714
• CWE-264: Permissions, Privileges, and Access Controls