CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4395
https://notcve.org/view.php?id=CVE-2020-4395
IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358. IBM Security Access Manager Appliance versión 9.0.7, no comprueba una sesión después del cierre de sesión, lo que podría permitir a un usuario autenticado suplantar a otro usuario en el sistema. IBM X-Force ID: 179358 • https://exchange.xforce.ibmcloud.com/vulnerabilities/179358 https://www.ibm.com/support/pages/node/6347592 • CWE-613: Insufficient Session Expiration •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4699
https://notcve.org/view.php?id=CVE-2020-4699
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947. IBM Security Access Manager versión 9.0.7 e IBM Security Verify Access versión 10.0.0, podrían permitir a un atacante obtener información confidencial usando ataques de canal lateral de sincronización que podrían ayudar en futuros ataques contra el sistema. IBM X-Force ID: 186947 • https://exchange.xforce.ibmcloud.com/vulnerabilities/186947 https://www.ibm.com/support/pages/node/6346619 • CWE-203: Observable Discrepancy •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4661
https://notcve.org/view.php?id=CVE-2020-4661
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142. IBM Security Access Manager versión 9.0.7 e IBM Security Verify Access versión 10.0.0, podrían permitir a un atacante obtener información confidencial usando ataques de canal lateral de sincronización que podrían ayudar en futuros ataques contra el sistema. IBM X-Force ID: 186142 • https://exchange.xforce.ibmcloud.com/vulnerabilities/186142 https://www.ibm.com/support/pages/node/6346619 • CWE-203: Observable Discrepancy •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4660
https://notcve.org/view.php?id=CVE-2020-4660
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140. IBM Security Access Manager versión 9.0.7 e IBM Security Verify Access versión 10.0.0, podrían permitir a un atacante obtener información confidencial usando ataques de canal lateral de sincronización que podrían ayudar en futuros ataques contra el sistema. IBM X-Force ID: 186140 • https://exchange.xforce.ibmcloud.com/vulnerabilities/186140 https://www.ibm.com/support/pages/node/6346619 • CWE-203: Observable Discrepancy •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4725
https://notcve.org/view.php?id=CVE-2019-4725
IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131. IBM Security Access Manager Appliance versión 9.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión de confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172131 https://www.ibm.com/support/pages/node/6342889 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •