CVSS: 4.4EPSS: 0%CPEs: 38EXPL: 0CVE-2016-3016
https://notcve.org/view.php?id=CVE-2016-3016
IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code. IBM Security Access Manager para Web procesa parches, copias de seguridad de imágenes y otras actualizaciones sin verificar suficientemente el origen y la integridad del código, lo que podrían permitir a un atacante autenticado cargar código malicioso. • http://www.ibm.com/support/docview.wss?uid=swg21995518 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.1EPSS: 1%CPEs: 13EXPL: 0CVE-2016-3025
https://notcve.org/view.php?id=CVE-2016-3025
IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM Security Access Manager para Mobile 8.x en versiones anteriores a 8.0.1.4 IF3 y Security Access Manager 9.x en versiones anteriores a 9.0.1.0 IF5 no restringe adecuadamente intentos de inicio de sesión fallidos, lo que facilita a atacantes remotos obtener acceso a través de una aproximación de fuerza bruta. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV89240 http://www-01.ibm.com/support/docview.wss?uid=swg1IV89258 http://www-01.ibm.com/support/docview.wss?uid=swg21991107 http://www.securityfocus.com/bid/93178 • CWE-254: 7PK - Security Features •
CVSS: 9.1EPSS: 4%CPEs: 12EXPL: 0CVE-2016-3028
https://notcve.org/view.php?id=CVE-2016-3028
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access. IBM Security Access Manager para Web 7.0 en versiones anteriores a IF2 y 8.0 en versiones anteriores a 8.0.1.4 IF3 y Security Access Manager 9.0 en versiones anteriores a 9.0.1.0 IF5 permiten a usuarios remotos autenticados ejecutar comandos arbitrarios aprovechando el acceso de administración LMI. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257 http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322 http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326 http://www-01.ibm.com/support/docview.wss?uid=swg21990317 http://www.securityfocus.com/bid/93176 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2015-5012
https://notcve.org/view.php?id=CVE-2015-5012
The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. La implementación de SSH en IBM Security Access Manager for Web appliances 7.0 en versiones anteriores a 7.0.0 FP19, 8.0 en versiones anteriores a 8.0.1.3 IF3 y 9.0 en versiones anteriores a 9.0.0.0 IF1 no restringe adecuadamente el conjunto de algoritmos MAC, lo que facilita a atacantes remotos vencer los mecanismos de protección criptográfica a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768 http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780 http://www-01.ibm.com/support/docview.wss?uid=swg21971422 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 0CVE-2015-5010
https://notcve.org/view.php?id=CVE-2015-5010
IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. IBM Security Access Manager for Web 7.0 en versiones anteriores a 7.0.0 IF21, 8.0 en versiones anteriores a 8.0.1.3 IF4 y 9.0 en versiones anteriores a 9.0.0.1 IF1 no tiene un mecanismo de bloqueo para intentos de inicio de sesión no válidos, lo que facilita a atacantes remotos obtener acceso a través de un ataque de fuerza bruta. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV80694 http://www-01.ibm.com/support/docview.wss?uid=swg1IV80728 http://www-01.ibm.com/support/docview.wss?uid=swg21970508 • CWE-254: 7PK - Security Features •