CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4395
https://notcve.org/view.php?id=CVE-2020-4395
14 Oct 2020 — IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358. IBM Security Access Manager Appliance versión 9.0.7, no comprueba una sesión después del cierre de sesión, lo que podría permitir a un usuario autenticado suplantar a otro usuario en el sistema. IBM X-Force ID: 179358 • https://exchange.xforce.ibmcloud.com/vulnerabilities/179358 • CWE-613: Insufficient Session Expiration •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4699
https://notcve.org/view.php?id=CVE-2020-4699
12 Oct 2020 — IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947. IBM Security Access Manager versión 9.0.7 e IBM Security Verify Access versión 10.0.0, podrían permitir a un atacante obtener información confidencial usando ataques de canal lateral de sincronización que podrían ayudar en futuros ataques contra el sistema. IBM X-Force ID: 186947 • https://exchange.xforce.ibmcloud.com/vulnerabilities/186947 • CWE-203: Observable Discrepancy •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4661
https://notcve.org/view.php?id=CVE-2020-4661
12 Oct 2020 — IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142. IBM Security Access Manager versión 9.0.7 e IBM Security Verify Access versión 10.0.0, podrían permitir a un atacante obtener información confidencial usando ataques de canal lateral de sincronización que podrían ayudar en futuros ataques contra el sistema. IBM X-Force ID: 186142 • https://exchange.xforce.ibmcloud.com/vulnerabilities/186142 • CWE-203: Observable Discrepancy •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4660
https://notcve.org/view.php?id=CVE-2020-4660
12 Oct 2020 — IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140. IBM Security Access Manager versión 9.0.7 e IBM Security Verify Access versión 10.0.0, podrían permitir a un atacante obtener información confidencial usando ataques de canal lateral de sincronización que podrían ayudar en futuros ataques contra el sistema. IBM X-Force ID: 186140 • https://exchange.xforce.ibmcloud.com/vulnerabilities/186140 • CWE-203: Observable Discrepancy •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4725
https://notcve.org/view.php?id=CVE-2019-4725
06 Oct 2020 — IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131. IBM Security Access Manager Appliance versión 9.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuari... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172131 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4461
https://notcve.org/view.php?id=CVE-2020-4461
20 May 2020 — IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481. El IBM Security Access Manager Appliance versión 9.0.7.1, podría permitir a un usuario autentificado omitir la seguridad al permitir una manipulación de las peticiones de id_token sin verificación. IBM X-Force ID: 181481. • https://exchange.xforce.ibmcloud.com/vulnerabilities/181481 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4707
https://notcve.org/view.php?id=CVE-2019-4707
28 Jan 2020 — IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018. IBM Security Access Manager Appliance versión 9.0.7.0, es vulnerable a un ataque de tipo XML External Entity Injection (XXE) cuando se procesan datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información confid... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172018 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4036
https://notcve.org/view.php?id=CVE-2019-4036
25 Oct 2019 — IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159. IBM Security Access Manager Appliance, podría permitir a un atacante no autenticado causar una denegación de servicio en el componente proxy inverso. ID de IBM X-Force: 156159. • https://exchange.xforce.ibmcloud.com/vulnerabilities/156159 •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4513
https://notcve.org/view.php?id=CVE-2019-4513
26 Aug 2019 — IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 164555. IBM Security Access Manager for Enterprise Single Sign-On versión 8.2.2, es vulnerable a un ataque de tipo XML External Entity (XXE) cuando se procesa datos XML. Un atacante remoto podría explotar esta vulnerabilidad para e... • http://www.ibm.com/support/docview.wss?uid=ibm10996716 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4158
https://notcve.org/view.php?id=CVE-2019-4158
25 Jun 2019 — IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, no prueba que la identidad de un usuario sea la correcta, lo que puede conllevar a la exposición de recursos o funcionalidades a actores no deseados. ID de IBM X-Force: 158574 • https://exchange.xforce.ibmcloud.com/vulnerabilities/158574 • CWE-862: Missing Authorization •