CVE-2017-1477
https://notcve.org/view.php?id=CVE-2017-1477
IBM Security Access Manager Appliance 9.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128612.
• http://www.ibm.com/support/docview.wss?uid=swg22009240 https://exchange.xforce.ibmcloud.com/vulnerabilities/128612
• CWE-611: Improper Restriction of XML External Entity Reference
CVE-2017-1453
https://notcve.org/view.php?id=CVE-2017-1453
IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 128372.
• http://www.ibm.com/support/docview.wss?uid=swg22009242 https://exchange.xforce.ibmcloud.com/vulnerabilities/128372
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2016-3051
https://notcve.org/view.php?id=CVE-2016-3051
IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714.
• http://www.ibm.com/support/docview.wss?uid=swg21995724 http://www.securityfocus.com/bid/98912 http://www.securitytracker.com/id/1038615 https://exchange.xforce.ibmcloud.com/vulnerabilities/114714
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2016-3019
https://notcve.org/view.php?id=CVE-2016-3019
IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462.
• http://www.ibm.com/support/docview.wss?uid=swg21988419 http://www.securityfocus.com/bid/98832 http://www.securitytracker.com/id/1038616 https://exchange.xforce.ibmcloud.com/vulnerabilities/114462
• CWE-326: Inadequate Encryption Strength
CVE-2016-5919
https://notcve.org/view.php?id=CVE-2016-5919
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868.
• http://www.ibm.com/support/docview.wss?uid=swg21996868 http://www.securitytracker.com/id/1037855
• CWE-326: Inadequate Encryption Strength