CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4153
https://notcve.org/view.php?id=CVE-2019-4153
IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, podría permitir a un atacante remoto conducir ataques de phishing, usando un ataque de tipo redireccionamiento abierto. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158517 https://www.ibm.com/support/docview.wss?uid=ibm10888379 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4152
https://notcve.org/view.php?id=CVE-2019-4152
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, no invalida los tokens de sesión de manera oportuna. La falta de una expiración de sesión apropiada puede permitir a los atacantes con acceso local iniciar sesión en una sesión de navegador cerrada. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158515 https://www.ibm.com/support/docview.wss?uid=ibm10888379 • CWE-384: Session Fixation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4151
https://notcve.org/view.php?id=CVE-2019-4151
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información muy confidencial. ID de IBM X-Force: 158512. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158512 https://www.ibm.com/support/docview.wss?uid=ibm10888379 • CWE-326: Inadequate Encryption Strength •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4150
https://notcve.org/view.php?id=CVE-2019-4150
IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510. IBM Security Access Manager versión 9.0.1 hasta 9.0.6 no comprueba, o comprueba incorrectamente, un certificado que podría permitir a un atacante falsificar una entidad confiable utilizando un ataque de tipo Man-in-the-middle (MITM). ID de IBM X-Force: 158510. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158510 https://www.ibm.com/support/docview.wss?uid=ibm10888379 • CWE-295: Improper Certificate Validation •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4145
https://notcve.org/view.php?id=CVE-2019-4145
IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, se podría mostrar altamente sensible en condiciones especializadas a un usuario local, lo que podría ser usado en nuevos ataques contra el sistema. ID de IBM X-Force: 158400. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158400 https://www.ibm.com/support/docview.wss?uid=ibm10888379 •