CVSS: 6.1EPSS: 0%CPEs: 164EXPL: 0CVE-2017-1489
https://notcve.org/view.php?id=CVE-2017-1489
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687. Las configuraciones e-community de IBM Security Access Manager 6.1, 7.0, 8.0, y 9.0 podrían estar afectadas por una vulnerabilidad de redirección. ECSSO Master Authentication puede redireccionar a un servidor que no participa en un dominio e-community. • http://www.ibm.com/support/docview.wss?uid=swg22006959 http://www.securityfocus.com/bid/100592 http://www.securitytracker.com/id/1039227 https://exchange.xforce.ibmcloud.com/vulnerabilities/128687 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 0CVE-2016-3018
https://notcve.org/view.php?id=CVE-2016-3018
IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Security Access Manager para Web es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario Web, alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21995347 http://www.securityfocus.com/bid/96380 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2016-3045
https://notcve.org/view.php?id=CVE-2016-3045
IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM Security Access Manager para Web almacena información sensible en parámetros URL. Esto puede dar lugar a la divulgación de información si las partes no autorizadas tienen acceso a las URL a través de los registros del servidor, el encabezado referente o el historial del navegador. • http://www.ibm.com/support/docview.wss?uid=swg21995435 http://www.securityfocus.com/bid/95103 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 1%CPEs: 13EXPL: 0CVE-2016-3025
https://notcve.org/view.php?id=CVE-2016-3025
IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM Security Access Manager para Mobile 8.x en versiones anteriores a 8.0.1.4 IF3 y Security Access Manager 9.x en versiones anteriores a 9.0.1.0 IF5 no restringe adecuadamente intentos de inicio de sesión fallidos, lo que facilita a atacantes remotos obtener acceso a través de una aproximación de fuerza bruta. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV89240 http://www-01.ibm.com/support/docview.wss?uid=swg1IV89258 http://www-01.ibm.com/support/docview.wss?uid=swg21991107 http://www.securityfocus.com/bid/93178 • CWE-254: 7PK - Security Features •
CVSS: 10.0EPSS: 2%CPEs: 19EXPL: 0CVE-2014-4823
https://notcve.org/view.php?id=CVE-2014-4823
The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors. La consola de administración en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, y Security Access Manager for Mobile 8.x anterior a 8.0.0-ISS-ISAM-FP0005, permite a atacantes remotos inyectar comandos de sistema a través de vectores no especificados. • http://secunia.com/advisories/61278 http://secunia.com/advisories/61294 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919 http://www-01.ibm.com/support/docview.wss?uid=swg21684466 https://exchange.xforce.ibmcloud.com/vulnerabilities/95573 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •