Page 4 of 23 results (0.005 seconds)

CVSS: 5.3EPSS: 0%CPEs: 38EXPL: 0

CVE-2016-3023

https://notcve.org/view.php?id=CVE-2016-3023

IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names. IBM Security Access Manager para Web podría permitir a un usuario no autenticado obtener acceso a información sensible introduciendo nombres de archivo no válidos. • http://www.ibm.com/support/docview.wss?uid=swg21995348 http://www.securityfocus.com/bid/96124 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 2%CPEs: 19EXPL: 0

CVE-2014-4823

https://notcve.org/view.php?id=CVE-2014-4823

The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors. La consola de administración en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, y Security Access Manager for Mobile 8.x anterior a 8.0.0-ISS-ISAM-FP0005, permite a atacantes remotos inyectar comandos de sistema a través de vectores no especificados. • http://secunia.com/advisories/61278 http://secunia.com/advisories/61294 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919 http://www-01.ibm.com/support/docview.wss?uid=swg21684466 https://exchange.xforce.ibmcloud.com/vulnerabilities/95573 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0

CVE-2014-6079

https://notcve.org/view.php?id=CVE-2014-6079

Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la interfaz de la gestión local en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, y Security Access Manager for Mobile 8.x anterior a 8.0.0-ISS-ISAM-FP0005, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/61278 http://secunia.com/advisories/61294 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919 http://www-01.ibm.com/support/docview.wss?uid=swg21684466 http://www-01.ibm.com/support/docview.wss?uid=swg21685244 http://www.securityfocus.com/bid/70197 https://exchange.xforce.ibmcloud.com/vulnerabilities/95763 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0

CVE-2014-4809

https://notcve.org/view.php?id=CVE-2014-4809

The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors. El componente WebSEAL en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, cuando e-community SSO está habilitado, permite a atacantes remotos causar una denegación de servicio (cuelgue del componente) a través de vectores no especificados. • http://secunia.com/advisories/61294 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915 http://www-01.ibm.com/support/docview.wss?uid=swg21685246 https://exchange.xforce.ibmcloud.com/vulnerabilities/95376 •

CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0

CVE-2014-3073

https://notcve.org/view.php?id=CVE-2014-3073

Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en IBM Security Access Manager (ISAM) for Mobile 8.0 y IBM Security Access Manager for Web 7.0 y 8.0 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • http://secunia.com/advisories/59438 http://www-01.ibm.com/support/docview.wss?uid=swg1IV61563 http://www-01.ibm.com/support/docview.wss?uid=swg21676699 http://www.securityfocus.com/bid/68137 https://exchange.xforce.ibmcloud.com/vulnerabilities/93790 •