CVSS: 9.1EPSS: 2%CPEs: 7EXPL: 0CVE-2015-1892
https://notcve.org/view.php?id=CVE-2015-1892
01 Apr 2015 — The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. El contestador Multicast DNS (mDNS) en IBM Security Access Manager for Web 7.x anterior a 7.0.0 FP12 y 8.x anterior a 8.0.1 FP1 responde inadvertida... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0CVE-2014-6079
https://notcve.org/view.php?id=CVE-2014-6079
03 Oct 2014 — Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la interfaz de la gestión local en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, y S... • http://secunia.com/advisories/61278 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2014-4809
https://notcve.org/view.php?id=CVE-2014-4809
03 Oct 2014 — The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors. El componente WebSEAL en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, cuando e-community SSO está habilitado, permite a atacantes remotos causar una denegación de servicio (cuelgue del com... • http://secunia.com/advisories/61294 •
CVSS: 10.0EPSS: 7%CPEs: 19EXPL: 0CVE-2014-4823
https://notcve.org/view.php?id=CVE-2014-4823
03 Oct 2014 — The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors. La consola de administración en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, y Security Access Manager for Mobile 8.x anterior a 8.0.0-ISS-ISAM-FP0005, permite a a... • http://secunia.com/advisories/61278 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •