CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4150
https://notcve.org/view.php?id=CVE-2019-4150
IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510. IBM Security Access Manager versión 9.0.1 hasta 9.0.6 no comprueba, o comprueba incorrectamente, un certificado que podría permitir a un atacante falsificar una entidad confiable utilizando un ataque de tipo Man-in-the-middle (MITM). ID de IBM X-Force: 158510. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158510 https://www.ibm.com/support/docview.wss?uid=ibm10888379 • CWE-295: Improper Certificate Validation •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4145
https://notcve.org/view.php?id=CVE-2019-4145
IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, se podría mostrar altamente sensible en condiciones especializadas a un usuario local, lo que podría ser usado en nuevos ataques contra el sistema. ID de IBM X-Force: 158400. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158400 https://www.ibm.com/support/docview.wss?uid=ibm10888379 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4135
https://notcve.org/view.php?id=CVE-2019-4135
IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331. IBM Security Access Manager versión 9.0.1 hasta 9.0.6, es afectado por una vulnerabilidad de seguridad que podría permitir a usuarios autenticados hacerse pasar por otros usuarios. ID de IBM X-Force: 158331. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158331 https://www.ibm.com/support/docview.wss?uid=ibm10888379 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1970
https://notcve.org/view.php?id=CVE-2018-1970
IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751. IBM Security Identity Manager 7.0.1 es vulnerable a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • http://www.ibm.com/support/docview.wss?uid=ibm10796380 https://exchange.xforce.ibmcloud.com/vulnerabilities/153751 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1653
https://notcve.org/view.php?id=CVE-2018-1653
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144726. IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=ibm10787785 http://www.securityfocus.com/bid/106272 https://exchange.xforce.ibmcloud.com/vulnerabilities/144726 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •