CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4150
https://notcve.org/view.php?id=CVE-2019-4150
IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510. IBM Security Access Manager versión 9.0.1 hasta 9.0.6 no comprueba, o comprueba incorrectamente, un certificado que podría permitir a un atacante falsificar una entidad confiable utilizando un ataque de tipo Man-in-the-middle (MITM). ID de IBM X-Force: 158510. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158510 https://www.ibm.com/support/docview.wss?uid=ibm10888379 • CWE-295: Improper Certificate Validation •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4145
https://notcve.org/view.php?id=CVE-2019-4145
IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, se podría mostrar altamente sensible en condiciones especializadas a un usuario local, lo que podría ser usado en nuevos ataques contra el sistema. ID de IBM X-Force: 158400. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158400 https://www.ibm.com/support/docview.wss?uid=ibm10888379 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4135
https://notcve.org/view.php?id=CVE-2019-4135
IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, es afectado por una vulnerabilidad de seguridad que podría permitir a usuarios autenticados hacerse pasar por otros usuarios. ID de IBM X-Force: 158331. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158331 https://www.ibm.com/support/docview.wss?uid=ibm10888379 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1970
https://notcve.org/view.php?id=CVE-2018-1970
IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751. IBM Security Identity Manager 7.0.1 es vulnerable a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • http://www.ibm.com/support/docview.wss?uid=ibm10796380 https://exchange.xforce.ibmcloud.com/vulnerabilities/153751 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1803
https://notcve.org/view.php?id=CVE-2018-1803
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 149702. IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 podría permitir que un atacante remoto secuestre la acción de clicado de la víctima. Al persuadir a una víctima para que visite un sitio web malicioso, un atacante remoto podría explotar esta vulnerabilidad para secuestrar las acciones de clicado de la víctima y, probablemente, lanzar más ataques contra la víctima. • http://www.ibm.com/support/docview.wss?uid=ibm10787785 https://exchange.xforce.ibmcloud.com/vulnerabilities/149702 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •