CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6076
https://notcve.org/view.php?id=CVE-2014-6076
18 Dec 2014 — IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 permite a atacantes remotos llevar a cabo ataques de clickjacking través de un sitio web modificado. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6080
https://notcve.org/view.php?id=CVE-2014-6080
18 Dec 2014 — SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 permite a usuarios remotos autenticados, ejecutar sentencias SQL arbitraria... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6087
https://notcve.org/view.php?id=CVE-2014-6087
18 Dec 2014 — IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive information by sniffing the network during use of a weak algorithm in an SSL cipher suite. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 facilita a atacantes remotos obtener información sensible capturando el tráfico de la r... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 • CWE-310: Cryptographic Issues •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6086
https://notcve.org/view.php?id=CVE-2014-6086
18 Dec 2014 — IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers to obtain sensitive information by sniffing the network during an HTTP session. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 no asegura que se utilice HTTPS, lo que permite a atacantes remotos obtener información se... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6088
https://notcve.org/view.php?id=CVE-2014-6088
18 Dec 2014 — IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive information by sniffing the network during use of the null SSL cipher. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 permite a atacantes remotos obtener información sensible capturando el tráfico de la red cuando se usa un cifrados SSL n... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0CVE-2014-6079
https://notcve.org/view.php?id=CVE-2014-6079
03 Oct 2014 — Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la interfaz de la gestión local en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, y S... • http://secunia.com/advisories/61278 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 7%CPEs: 19EXPL: 0CVE-2014-4823
https://notcve.org/view.php?id=CVE-2014-4823
03 Oct 2014 — The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors. La consola de administración en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, y Security Access Manager for Mobile 8.x anterior a 8.0.0-ISS-ISAM-FP0005, permite a a... • http://secunia.com/advisories/61278 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2014-4751
https://notcve.org/view.php?id=CVE-2014-4751
12 Aug 2014 — Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Mobile 8.0.0.0, 8.0.0.1, and 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Security Access Manager for Mobile 8.0.0.0, 8.0.0.1, y 8.0.0.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/60562 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2014-3053
https://notcve.org/view.php?id=CVE-2014-3053
21 Jun 2014 — The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials. Local Management Interface (LMI) en IBM Security Access Manager (ISAM) for Mobile 8.0 con firmware 8.0.0.0 hasta 8.0.0.3 y IBM Security Access Manager for Web 7.0 y 8.0 con firmware 8.0.0.2 y 8.0.0.3, p... • http://secunia.com/advisories/59381 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 12%CPEs: 6EXPL: 0CVE-2014-3073
https://notcve.org/view.php?id=CVE-2014-3073
21 Jun 2014 — Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en IBM Security Access Manager (ISAM) for Mobile 8.0 y IBM Security Access Manager for Web 7.0 y 8.0 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • http://secunia.com/advisories/59438 •