CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4157
https://notcve.org/view.php?id=CVE-2019-4157
IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la interfaz de usuario Web, y por lo tanto, alterar la funcionalidad deseada que podría conllevar a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158573 https://www.ibm.com/support/docview.wss?uid=ibm10888379 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4156
https://notcve.org/view.php?id=CVE-2019-4156
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información muy confidencial. ID de IBM X-Force: 158572. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158572 https://www.ibm.com/support/docview.wss?uid=ibm10888379 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4153
https://notcve.org/view.php?id=CVE-2019-4153
IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, podría permitir a un atacante remoto conducir ataques de phishing, usando un ataque de tipo redireccionamiento abierto. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158517 https://www.ibm.com/support/docview.wss?uid=ibm10888379 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4152
https://notcve.org/view.php?id=CVE-2019-4152
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, no invalida los tokens de sesión de manera oportuna. La falta de una expiración de sesión apropiada puede permitir a los atacantes con acceso local iniciar sesión en una sesión de navegador cerrada. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158515 https://www.ibm.com/support/docview.wss?uid=ibm10888379 • CWE-384: Session Fixation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4151
https://notcve.org/view.php?id=CVE-2019-4151
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información muy confidencial. ID de IBM X-Force: 158512. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158512 https://www.ibm.com/support/docview.wss?uid=ibm10888379 • CWE-326: Inadequate Encryption Strength •