CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6089
https://notcve.org/view.php?id=CVE-2014-6089
18 Dec 2014 — IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (disrupted system operations) by uploading a file to a protected area. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 permite a usuarios remotos autenticados provocar una denegación de servicio (interrupción de operacio... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 • CWE-19: Data Processing Errors •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6076
https://notcve.org/view.php?id=CVE-2014-6076
18 Dec 2014 — IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 permite a atacantes remotos llevar a cabo ataques de clickjacking través de un sitio web modificado. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6080
https://notcve.org/view.php?id=CVE-2014-6080
18 Dec 2014 — SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 permite a usuarios remotos autenticados, ejecutar sentencias SQL arbitraria... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6087
https://notcve.org/view.php?id=CVE-2014-6087
18 Dec 2014 — IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive information by sniffing the network during use of a weak algorithm in an SSL cipher suite. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 facilita a atacantes remotos obtener información sensible capturando el tráfico de la r... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 • CWE-310: Cryptographic Issues •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6086
https://notcve.org/view.php?id=CVE-2014-6086
18 Dec 2014 — IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers to obtain sensitive information by sniffing the network during an HTTP session. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 no asegura que se utilice HTTPS, lo que permite a atacantes remotos obtener información se... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6088
https://notcve.org/view.php?id=CVE-2014-6088
18 Dec 2014 — IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive information by sniffing the network during use of the null SSL cipher. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 permite a atacantes remotos obtener información sensible capturando el tráfico de la red cuando se usa un cifrados SSL n... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •