CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6083
https://notcve.org/view.php?id=CVE-2014-6083
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 permiten a atacantes remotos obtener información de cookies sensibles al capturar el tráfico de red durante una sesión HTTP. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581 http://www-01.ibm.com/support/docview.wss?uid=swg21684475 https://exchange.xforce.ibmcloud.com/vulnerabilities/95810 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6086
https://notcve.org/view.php?id=CVE-2014-6086
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers to obtain sensitive information by sniffing the network during an HTTP session. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 no asegura que se utilice HTTPS, lo que permite a atacantes remotos obtener información sensible al capturar el tráfico de red durante una sesión HTTP. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581 http://www-01.ibm.com/support/docview.wss?uid=swg21684475 https://exchange.xforce.ibmcloud.com/vulnerabilities/95813 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6087
https://notcve.org/view.php?id=CVE-2014-6087
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive information by sniffing the network during use of a weak algorithm in an SSL cipher suite. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 facilita a atacantes remotos obtener información sensible capturando el tráfico de la red al utilizar un algoritmo débil como conjunto de cifrado SSL. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581 http://www-01.ibm.com/support/docview.wss?uid=swg21684475 https://exchange.xforce.ibmcloud.com/vulnerabilities/95813 • CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6080
https://notcve.org/view.php?id=CVE-2014-6080
SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 permite a usuarios remotos autenticados, ejecutar sentencias SQL arbitrarias mediante vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581 http://www-01.ibm.com/support/docview.wss?uid=swg21684475 https://exchange.xforce.ibmcloud.com/vulnerabilities/95767 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 2%CPEs: 19EXPL: 0CVE-2014-4823
https://notcve.org/view.php?id=CVE-2014-4823
The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors. La consola de administración en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, y Security Access Manager for Mobile 8.x anterior a 8.0.0-ISS-ISAM-FP0005, permite a atacantes remotos inyectar comandos de sistema a través de vectores no especificados. • http://secunia.com/advisories/61278 http://secunia.com/advisories/61294 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919 http://www-01.ibm.com/support/docview.wss?uid=swg21684466 https://exchange.xforce.ibmcloud.com/vulnerabilities/95573 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •