CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2016-3045
https://notcve.org/view.php?id=CVE-2016-3045
IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM Security Access Manager para Web almacena información sensible en parámetros URL. Esto puede dar lugar a la divulgación de información si las partes no autorizadas tienen acceso a las URL a través de los registros del servidor, el encabezado referente o el historial del navegador. • http://www.ibm.com/support/docview.wss?uid=swg21995435 http://www.securityfocus.com/bid/95103 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 38EXPL: 0CVE-2016-3023
https://notcve.org/view.php?id=CVE-2016-3023
IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names. IBM Security Access Manager para Web podría permitir a un usuario no autenticado obtener acceso a información sensible introduciendo nombres de archivo no válidos. • http://www.ibm.com/support/docview.wss?uid=swg21995348 http://www.securityfocus.com/bid/96124 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 1%CPEs: 12EXPL: 0CVE-2016-3028
https://notcve.org/view.php?id=CVE-2016-3028
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access. IBM Security Access Manager para Web 7.0 en versiones anteriores a IF2 y 8.0 en versiones anteriores a 8.0.1.4 IF3 y Security Access Manager 9.0 en versiones anteriores a 9.0.1.0 IF5 permiten a usuarios remotos autenticados ejecutar comandos arbitrarios aprovechando el acceso de administración LMI. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257 http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322 http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326 http://www-01.ibm.com/support/docview.wss?uid=swg21990317 http://www.securityfocus.com/bid/93176 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2015-8531
https://notcve.org/view.php?id=CVE-2015-8531
Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Security Access Manager for Web 8.0 en versiones anteriores a 8.0.1.3 IF4 y 9.0 en versiones anteriores a 9.0.0.1 IF1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV80692 http://www-01.ibm.com/support/docview.wss?uid=swg21974651 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 0CVE-2015-5010
https://notcve.org/view.php?id=CVE-2015-5010
IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. IBM Security Access Manager for Web 7.0 en versiones anteriores a 7.0.0 IF21, 8.0 en versiones anteriores a 8.0.1.3 IF4 y 9.0 en versiones anteriores a 9.0.0.1 IF1 no tiene un mecanismo de bloqueo para intentos de inicio de sesión no válidos, lo que facilita a atacantes remotos obtener acceso a través de un ataque de fuerza bruta. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV80694 http://www-01.ibm.com/support/docview.wss?uid=swg1IV80728 http://www-01.ibm.com/support/docview.wss?uid=swg21970508 • CWE-254: 7PK - Security Features •