CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6080
https://notcve.org/view.php?id=CVE-2014-6080
18 Dec 2014 — SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 permite a usuarios remotos autenticados, ejecutar sentencias SQL arbitraria... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6087
https://notcve.org/view.php?id=CVE-2014-6087
18 Dec 2014 — IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive information by sniffing the network during use of a weak algorithm in an SSL cipher suite. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 facilita a atacantes remotos obtener información sensible capturando el tráfico de la r... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 • CWE-310: Cryptographic Issues •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6086
https://notcve.org/view.php?id=CVE-2014-6086
18 Dec 2014 — IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers to obtain sensitive information by sniffing the network during an HTTP session. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 no asegura que se utilice HTTPS, lo que permite a atacantes remotos obtener información se... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6088
https://notcve.org/view.php?id=CVE-2014-6088
18 Dec 2014 — IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive information by sniffing the network during use of the null SSL cipher. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 permite a atacantes remotos obtener información sensible capturando el tráfico de la red cuando se usa un cifrados SSL n... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0CVE-2014-6079
https://notcve.org/view.php?id=CVE-2014-6079
03 Oct 2014 — Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la interfaz de la gestión local en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, y S... • http://secunia.com/advisories/61278 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 7%CPEs: 19EXPL: 0CVE-2014-4823
https://notcve.org/view.php?id=CVE-2014-4823
03 Oct 2014 — The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors. La consola de administración en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, y Security Access Manager for Mobile 8.x anterior a 8.0.0-ISS-ISAM-FP0005, permite a a... • http://secunia.com/advisories/61278 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2014-4809
https://notcve.org/view.php?id=CVE-2014-4809
03 Oct 2014 — The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors. El componente WebSEAL en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, cuando e-community SSO está habilitado, permite a atacantes remotos causar una denegación de servicio (cuelgue del com... • http://secunia.com/advisories/61294 •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2014-3053
https://notcve.org/view.php?id=CVE-2014-3053
21 Jun 2014 — The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials. Local Management Interface (LMI) en IBM Security Access Manager (ISAM) for Mobile 8.0 con firmware 8.0.0.0 hasta 8.0.0.3 y IBM Security Access Manager for Web 7.0 y 8.0 con firmware 8.0.0.2 y 8.0.0.3, p... • http://secunia.com/advisories/59381 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 12%CPEs: 6EXPL: 0CVE-2014-3073
https://notcve.org/view.php?id=CVE-2014-3073
21 Jun 2014 — Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en IBM Security Access Manager (ISAM) for Mobile 8.0 y IBM Security Access Manager for Web 7.0 y 8.0 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • http://secunia.com/advisories/59438 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3052
https://notcve.org/view.php?id=CVE-2014-3052
21 Jun 2014 — The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance. La funcionalidad de proxy inverso en IBM Security Access Manager (ISAM) for Web 8.0 con firmware 8.0.0.2 y 8.0.0.3 interpreta el parámetro jct-nist-compliance d... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553 • CWE-16: Configuration •