CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 0CVE-2016-3018
https://notcve.org/view.php?id=CVE-2016-3018
IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Security Access Manager para Web es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario Web, alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21995347 http://www.securityfocus.com/bid/96380 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 4%CPEs: 12EXPL: 0CVE-2016-3028
https://notcve.org/view.php?id=CVE-2016-3028
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access. IBM Security Access Manager para Web 7.0 en versiones anteriores a IF2 y 8.0 en versiones anteriores a 8.0.1.4 IF3 y Security Access Manager 9.0 en versiones anteriores a 9.0.1.0 IF5 permiten a usuarios remotos autenticados ejecutar comandos arbitrarios aprovechando el acceso de administración LMI. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257 http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322 http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326 http://www-01.ibm.com/support/docview.wss?uid=swg21990317 http://www.securityfocus.com/bid/93176 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2015-4963
https://notcve.org/view.php?id=CVE-2015-4963
IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors. IBM Security Access Manager for Web 7.x en versiones anteriores a 7.0.0.16 y 8.x en versiones anteriores a 8.0.1.3 no maneja correctamente las peticiones WebSEAL HTTPTransformation, lo que permite a atacantes remotos leer o escribir a archivos arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV71196 http://www-01.ibm.com/support/docview.wss?uid=swg21964828 http://www.securitytracker.com/id/1034103 • CWE-17: DEPRECATED: Code •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2014-6079
https://notcve.org/view.php?id=CVE-2014-6079
Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la interfaz de la gestión local en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, y Security Access Manager for Mobile 8.x anterior a 8.0.0-ISS-ISAM-FP0005, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/61278 http://secunia.com/advisories/61294 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919 http://www-01.ibm.com/support/docview.wss?uid=swg21684466 http://www-01.ibm.com/support/docview.wss?uid=swg21685244 http://www.securityfocus.com/bid/70197 https://exchange.xforce.ibmcloud.com/vulnerabilities/95763 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 2%CPEs: 19EXPL: 0CVE-2014-4823
https://notcve.org/view.php?id=CVE-2014-4823
The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors. La consola de administración en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, y Security Access Manager for Mobile 8.x anterior a 8.0.0-ISS-ISAM-FP0005, permite a atacantes remotos inyectar comandos de sistema a través de vectores no especificados. • http://secunia.com/advisories/61278 http://secunia.com/advisories/61294 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919 http://www-01.ibm.com/support/docview.wss?uid=swg21684466 https://exchange.xforce.ibmcloud.com/vulnerabilities/95573 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •