CVE-2015-8531
https://notcve.org/view.php?id=CVE-2015-8531
Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Security Access Manager for Web 8.0 en versiones anteriores a 8.0.1.3 IF4 y 9.0 en versiones anteriores a 9.0.0.1 IF1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV80692 http://www-01.ibm.com/support/docview.wss?uid=swg21974651 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-5018
https://notcve.org/view.php?id=CVE-2015-5018
IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access. IBM Security Access Manager for Web 7.0.0 en versiones anteriores a FP19 y 8.0 en versiones anteriores a 8.0.1.3 IF3 y Security Access Manager 9.0 en versiones anteriores a 9.0.0.0 IF1, permite a usuarios remotos autenticados ejecutar comandos del SO arbitrarios aprovechando el acceso Local Management Interface (LMI). • http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768 http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780 http://www-01.ibm.com/support/docview.wss?uid=swg21970510 http://www.securitytracker.com/id/1034560 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2015-4963
https://notcve.org/view.php?id=CVE-2015-4963
IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors. IBM Security Access Manager for Web 7.x en versiones anteriores a 7.0.0.16 y 8.x en versiones anteriores a 8.0.1.3 no maneja correctamente las peticiones WebSEAL HTTPTransformation, lo que permite a atacantes remotos leer o escribir a archivos arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV71196 http://www-01.ibm.com/support/docview.wss?uid=swg21964828 http://www.securitytracker.com/id/1034103 • CWE-17: DEPRECATED: Code •