CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4157
https://notcve.org/view.php?id=CVE-2019-4157
25 Jun 2019 — IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la interfa... • https://exchange.xforce.ibmcloud.com/vulnerabilities/158573 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4156
https://notcve.org/view.php?id=CVE-2019-4156
25 Jun 2019 — IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información muy confidencial. ID de IBM X-Force: 158572. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158572 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4153
https://notcve.org/view.php?id=CVE-2019-4153
25 Jun 2019 — IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517. IBM Security Acces... • https://exchange.xforce.ibmcloud.com/vulnerabilities/158517 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4152
https://notcve.org/view.php?id=CVE-2019-4152
25 Jun 2019 — IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, no invalida los tokens de sesión de manera oportuna. La falta de una expiración de sesión apropiada puede permitir a los atacantes con acceso local iniciar sesión en una sesión de navegador cerrada. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158515 • CWE-384: Session Fixation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4151
https://notcve.org/view.php?id=CVE-2019-4151
25 Jun 2019 — IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información muy confidencial. ID de IBM X-Force: 158512. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158512 • CWE-326: Inadequate Encryption Strength •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4150
https://notcve.org/view.php?id=CVE-2019-4150
25 Jun 2019 — IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510. IBM Security Access Manager versión 9.0.1 hasta 9.0.6 no comprueba, o comprueba incorrectamente, un certificado que podría permitir a un atacante falsificar una entidad confiable utilizando un ataque de tipo Man-in-the-middle (MITM). ID de IBM X-Force: 158510. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158510 • CWE-295: Improper Certificate Validation •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4145
https://notcve.org/view.php?id=CVE-2019-4145
25 Jun 2019 — IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, se podría mostrar altamente sensible en condiciones especializadas a un usuario local, lo que podría ser usado en nuevos ataques contra el sistema. ID de IBM X-Force: 158400. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158400 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4135
https://notcve.org/view.php?id=CVE-2019-4135
25 Jun 2019 — IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, es afectado por una vulnerabilidad de seguridad que podría permitir a usuarios autenticados hacerse pasar por otros usuarios. ID de IBM X-Force: 158331. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158331 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1970
https://notcve.org/view.php?id=CVE-2018-1970
04 Feb 2019 — IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751. IBM Security Identity Manager 7.0.1 es vulnerable a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • http://www.ibm.com/support/docview.wss?uid=ibm10796380 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1803
https://notcve.org/view.php?id=CVE-2018-1803
13 Dec 2018 — IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 149702. IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 podría permitir que un atacante remoto secuest... • http://www.ibm.com/support/docview.wss?uid=ibm10787785 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •