CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3051
https://notcve.org/view.php?id=CVE-2016-3051
IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714. IBM Security Access Manager para Web 9.0.0 podría permitir a un usuario autenticado acceder a alguna funcionalidad privilegiada del servidor. IBM X-Force ID: 114714. • http://www.ibm.com/support/docview.wss?uid=swg21995724 http://www.securityfocus.com/bid/98912 http://www.securitytracker.com/id/1038615 https://exchange.xforce.ibmcloud.com/vulnerabilities/114714 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3019
https://notcve.org/view.php?id=CVE-2016-3019
IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462. IBM Security Access Manager para Web 9.0.0 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información sensible. IBM X-Force ID: 114462. • http://www.ibm.com/support/docview.wss?uid=swg21988419 http://www.securityfocus.com/bid/98832 http://www.securitytracker.com/id/1038616 https://exchange.xforce.ibmcloud.com/vulnerabilities/114462 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-5919
https://notcve.org/view.php?id=CVE-2016-5919
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868. IBM Security Access Manager for Web 7.0.0, 8.0.0 y 9.0.0 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente sensible. Referencia de IBM: 1996868. • http://www.ibm.com/support/docview.wss?uid=swg21996868 http://www.securitytracker.com/id/1037855 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2015-5013
https://notcve.org/view.php?id=CVE-2015-5013
The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access. El aparato IBM Security Access Manager incluye archivos de configuración que contienen contraseñas de texto claro obfuscadas a las que pueden acceder usuarios autenticados. • http://www.ibm.com/support/docview.wss?uid=swg21993722 http://www.securityfocus.com/bid/96090 http://www.securitytracker.com/id/1037792 • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-3020
https://notcve.org/view.php?id=CVE-2016-3020
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content. IBM Security Access Manager para Web 7.0.0, 8.0.0 y 9.0.0 podría permitir a un atacante remoto eludir las restricciones de seguridad, causada por la validación del contenido indebido. Al persuadir a una víctima para abrir contenido especialmente manipulado, un atacante podría aprovechar esta vulnerabilidad para eludir la validación y cargar una página con contenido malicioso. • http://www.ibm.com/support/docview.wss?uid=swg21996826 • CWE-284: Improper Access Control •