CVSS: 10.0EPSS: 36%CPEs: 2EXPL: 0CVE-2018-1722
https://notcve.org/view.php?id=CVE-2018-1722
24 Aug 2018 — IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370. IBM Security Access Manager Appliance 9.0.4.0 y 9.0.5.0 podría permitir la ejecución remota de código cuando se están ejecutando los servicios Advanced Access Control o Federation. IBM X-Force ID: 147370. • http://www.securityfocus.com/bid/105145 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1732
https://notcve.org/view.php?id=CVE-2017-1732
17 Aug 2018 — IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 134913. IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 no establece el atributo s... • http://www.ibm.com/support/docview.wss?uid=ibm10726017 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1474
https://notcve.org/view.php?id=CVE-2017-1474
06 Jun 2018 — IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606. IBM Security Access Manager Appliance 7.0.0, desde la versión 8.0.0 hasta la 8.0.1.6 y desde la 9.0.0 hasta la 9.0.3.1 revela información sensible a usuarios no autorizados. Esta información puede emplearse para ejecutar más ataques en el sistema. • http://www.ibm.com/support/docview.wss?uid=swg22012329 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1476
https://notcve.org/view.php?id=CVE-2017-1476
06 Jun 2018 — IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610. IBM InfoSphere Information Server 7.0.0, desde la versión 8.0.0 hasta la 8.0.1.6 y desde la 9.0.0 hasta la 9.0.3.1 podría permitir que un atacant... • http://www.ibm.com/support/docview.wss?uid=swg22012310 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2017-1480
https://notcve.org/view.php?id=CVE-2017-1480
06 Jun 2018 — IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617. IBM Security Access Manager Appliance desde la versión 8.0.0 hasta la 8.0.1.6 y desde la 9.0.0 hasta la 9.0.3.1 almacena información potencialmente sensible en archivos de registro que podrían ser leídos por un usuario remoto. IBM X-Force ID: 128617. • http://www.ibm.com/support/docview.wss?uid=swg22012309 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 34EXPL: 0CVE-2017-1473
https://notcve.org/view.php?id=CVE-2017-1473
23 Apr 2018 — IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605. IBM Security Access Manager Appliance 8.0.0 hasta 8.0.1.6 y 9.0.0 hasta la 9.0.3.1 emplea algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 128605. • http://www.ibm.com/support/docview.wss?uid=swg22012268 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1443
https://notcve.org/view.php?id=CVE-2018-1443
08 Mar 2018 — An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754. Una vulnerabilidad de análisis sintáctico de XML afecta a los sistemas SSO (Single Sign On) basados en SAML de IBM (IBM Security Ac... • http://www.ibm.com/support/docview.wss?uid=swg22014160 • CWE-287: Improper Authentication •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0CVE-2017-1478
https://notcve.org/view.php?id=CVE-2017-1478
11 Jan 2018 — IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613. La versión 9.0.0 de IBM Security Access Manager Appliance permite que las páginas web se almacenen localmente, lo que permite que sean leídas por otro usuario en el sistema. IBM X-Force ID: 128613. • http://www.ibm.com/support/docview.wss?uid=swg22012323 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1533
https://notcve.org/view.php?id=CVE-2017-1533
10 Jan 2018 — IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130675. IBM Security Access Manager Appliance 9.0.3 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera la... • http://www.ibm.com/support/docview.wss?uid=swg22012327 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 33EXPL: 0CVE-2017-1534
https://notcve.org/view.php?id=CVE-2017-1534
10 Jan 2018 — IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676. IBM Security... • http://www.ibm.com/support/docview.wss?uid=swg22008936 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •