CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2014-3073
https://notcve.org/view.php?id=CVE-2014-3073
Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en IBM Security Access Manager (ISAM) for Mobile 8.0 y IBM Security Access Manager for Web 7.0 y 8.0 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • http://secunia.com/advisories/59438 http://www-01.ibm.com/support/docview.wss?uid=swg1IV61563 http://www-01.ibm.com/support/docview.wss?uid=swg21676699 http://www.securityfocus.com/bid/68137 https://exchange.xforce.ibmcloud.com/vulnerabilities/93790 •
CVSS: 7.1EPSS: 5%CPEs: 4EXPL: 0CVE-2014-0963
https://notcve.org/view.php?id=CVE-2014-0963
The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages. La funcionalidad Reverse Proxy en IBM Global Security Kit (también conocido como GSKit) en IBM Security Access Manager (ISAM) para Web 7.0 anterior a 7.0.0-ISS-SAM-IF0006 y 8.0 anterior a 8.0.0.3-ISS-WGA-IF0002 permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de mensajes SSL manipulados. • http://secunia.com/advisories/58845 http://secunia.com/advisories/59245 http://secunia.com/advisories/59249 http://www-01.ibm.com/support/docview.wss?uid=swg1IV59660 http://www-01.ibm.com/support/docview.wss?uid=swg21672192 http://www-01.ibm.com/support/docview.wss?uid=swg21676091 http://www-01.ibm.com/support/docview.wss?uid=swg21676092 http://www-304.ibm.com/support/docview.wss? • CWE-399: Resource Management Errors •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-5420
https://notcve.org/view.php?id=CVE-2013-5420
The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request. El servidor IMS anterior a Ifix 6 en IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 permite a usuarios autenticados remotamente leer ficheros de log aprovechando permisos de helpdesk en peticiones directas. • http://www-01.ibm.com/support/docview.wss?uid=swg21660211 https://exchange.xforce.ibmcloud.com/vulnerabilities/87482 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-5421
https://notcve.org/view.php?id=CVE-2013-5421
Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote attackers to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form. Vulnerabilidad cross-site scripting (XSS) en el IMS Server anterior a Ifix 6, de IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSOS) 8.2 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través de la entrada en un formulario web dinámico no especificado. • http://www-01.ibm.com/support/docview.wss?uid=swg21660210 https://exchange.xforce.ibmcloud.com/vulnerabilities/87483 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6745
https://notcve.org/view.php?id=CVE-2013-6745
Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form. Vulnerabilidad cross-site scripting (XSS) en el IMS server anterior a Ifix 6, en IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 permite a usuarios remotos autenticados inyectar script web o HTML de forma arbitraria a través de una entrada manipulada en un formulario web dinámico no especificado. • http://www-01.ibm.com/support/docview.wss?uid=swg21660569 http://www.securityfocus.com/bid/64475 https://exchange.xforce.ibmcloud.com/vulnerabilities/89861 https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_security_access_manager_for_enterprise_single_sign_on_cross_site_scripting_vulnerability_cve_2013_6745?lang=en_us • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •