Page 3 of 34 results (0.036 seconds)

CVSS: 6.5EPSS: 0%CPEs: 38EXPL: 0

IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions. IBM Security Access Manager para Web podría permitir a un usuario autenticado obtener acceso a información altamente sensible debido a permisos de archivos incorrectos. • http://www.ibm.com/support/docview.wss?uid=swg21995360 http://www.securityfocus.com/bid/96130 • CWE-275: Permission Issues •

CVSS: 4.4EPSS: 0%CPEs: 38EXPL: 0

IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code. IBM Security Access Manager para Web procesa parches, copias de seguridad de imágenes y otras actualizaciones sin verificar suficientemente el origen y la integridad del código, lo que podrían permitir a un atacante autenticado cargar código malicioso. • http://www.ibm.com/support/docview.wss?uid=swg21995518 • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 9.1EPSS: 4%CPEs: 12EXPL: 0

IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access. IBM Security Access Manager para Web 7.0 en versiones anteriores a IF2 y 8.0 en versiones anteriores a 8.0.1.4 IF3 y Security Access Manager 9.0 en versiones anteriores a 9.0.1.0 IF5 permiten a usuarios remotos autenticados ejecutar comandos arbitrarios aprovechando el acceso de administración LMI. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257 http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322 http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326 http://www-01.ibm.com/support/docview.wss?uid=swg21990317 http://www.securityfocus.com/bid/93176 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0

IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors. IBM Security Access Manager for Web 7.x en versiones anteriores a 7.0.0.16 y 8.x en versiones anteriores a 8.0.1.3 no maneja correctamente las peticiones WebSEAL HTTPTransformation, lo que permite a atacantes remotos leer o escribir a archivos arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV71196 http://www-01.ibm.com/support/docview.wss?uid=swg21964828 http://www.securitytracker.com/id/1034103 • CWE-17: DEPRECATED: Code •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 no tiene un periodo de bloqueo tras intentos fallidos de login, esto provoca que sea fácil para atacantes remotos obtener acceso de administrador mediante un ataque de fuerza bruta. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581 http://www-01.ibm.com/support/docview.wss?uid=swg21684475 https://exchange.xforce.ibmcloud.com/vulnerabilities/95762 • CWE-284: Improper Access Control •