Page 2 of 15 results (0.010 seconds)

CVSS: 5.3EPSS: 0%CPEs: 38EXPL: 0

IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names. IBM Security Access Manager para Web podría permitir a un usuario no autenticado obtener acceso a información sensible introduciendo nombres de archivo no válidos. • http://www.ibm.com/support/docview.wss?uid=swg21995348 http://www.securityfocus.com/bid/96124 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.0EPSS: 0%CPEs: 38EXPL: 0

IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request. IBM Security Access Manager para Web podría permitir a un atacante autenticado obtener información sensible de un mensaje de error utilizando una petición HTTP especialmente manipulada. • http://www.ibm.com/support/docview.wss?uid=swg21995436 http://www.securityfocus.com/bid/96114 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 38EXPL: 0

IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions. IBM Security Access Manager para Web podría permitir a un usuario autenticado obtener acceso a información altamente sensible debido a permisos de archivos incorrectos. • http://www.ibm.com/support/docview.wss?uid=swg21995360 http://www.securityfocus.com/bid/96130 • CWE-275: Permission Issues •

CVSS: 4.4EPSS: 0%CPEs: 38EXPL: 0

IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code. IBM Security Access Manager para Web procesa parches, copias de seguridad de imágenes y otras actualizaciones sin verificar suficientemente el origen y la integridad del código, lo que podrían permitir a un atacante autenticado cargar código malicioso. • http://www.ibm.com/support/docview.wss?uid=swg21995518 • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0

Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la interfaz de la gestión local en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, y Security Access Manager for Mobile 8.x anterior a 8.0.0-ISS-ISAM-FP0005, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/61278 http://secunia.com/advisories/61294 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919 http://www-01.ibm.com/support/docview.wss?uid=swg21684466 http://www-01.ibm.com/support/docview.wss?uid=swg21685244 http://www.securityfocus.com/bid/70197 https://exchange.xforce.ibmcloud.com/vulnerabilities/95763 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •