CVE-2017-1489
https://notcve.org/view.php?id=CVE-2017-1489
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687. Las configuraciones e-community de IBM Security Access Manager 6.1, 7.0, 8.0, y 9.0 podrían estar afectadas por una vulnerabilidad de redirección. ECSSO Master Authentication puede redireccionar a un servidor que no participa en un dominio e-community. • http://www.ibm.com/support/docview.wss?uid=swg22006959 http://www.securityfocus.com/bid/100592 http://www.securitytracker.com/id/1039227 https://exchange.xforce.ibmcloud.com/vulnerabilities/128687 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2016-3045
https://notcve.org/view.php?id=CVE-2016-3045
IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM Security Access Manager para Web almacena información sensible en parámetros URL. Esto puede dar lugar a la divulgación de información si las partes no autorizadas tienen acceso a las URL a través de los registros del servidor, el encabezado referente o el historial del navegador. • http://www.ibm.com/support/docview.wss?uid=swg21995435 http://www.securityfocus.com/bid/95103 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-3017
https://notcve.org/view.php?id=CVE-2016-3017
IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations. IBM Security Access Manager para Web podrían permitir a un atacante remoto obtener información sensible debido a errores de configuración de seguridad. • http://www.ibm.com/support/docview.wss?uid=swg21995519 • CWE-358: Improperly Implemented Security Check for Standard •
CVE-2016-3024
https://notcve.org/view.php?id=CVE-2016-3024
IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system. IBM Security Access Manager para Web permite que las páginas web se almacenen localmente y que puedan ser leídas por otro usuario del sistema. • http://www.ibm.com/support/docview.wss?uid=swg21995340 http://www.securityfocus.com/bid/96132 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-3027
https://notcve.org/view.php?id=CVE-2016-3027
IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Security Access Manager para Web es vulnerable a una denegación de servicio, causada por un error de entidad externa XML (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información altamente sensible o consumir todos los recursos de memoria disponibles. • http://www.ibm.com/support/docview.wss?uid=swg21994440 http://www.securityfocus.com/bid/96127 • CWE-611: Improper Restriction of XML External Entity Reference •