CVE-2018-1887
https://notcve.org/view.php?id=CVE-2018-1887
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 152078. IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 contiene credenciales embebidas, como una contraseña o una clave criptográfica, que emplea para su propia autenticación entrante, comunicación saliente hacia componentes externos o para cifrar datos internos. IBM X-Force ID: 152078. • http://www.ibm.com/support/docview.wss?uid=ibm10787785 https://exchange.xforce.ibmcloud.com/vulnerabilities/152078 • CWE-798: Use of Hard-coded Credentials •
CVE-2018-1804
https://notcve.org/view.php?id=CVE-2018-1804
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703. IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 no establece el atributo "secure" en los tokens de autorización o las cookies de sesión. Esto podría permitir que un atacante explote esta vulnerabilidad para obtener información sensible empleando técnicas Man-in-the-Middle (MitM). • http://www.ibm.com/support/docview.wss?uid=ibm10787785 https://exchange.xforce.ibmcloud.com/vulnerabilities/149703 • CWE-384: Session Fixation •
CVE-2018-1814
https://notcve.org/view.php?id=CVE-2018-1814
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018. IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 emplea algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 150018. • http://www.ibm.com/support/docview.wss?uid=ibm10787785 https://exchange.xforce.ibmcloud.com/vulnerabilities/150018 • CWE-326: Inadequate Encryption Strength •
CVE-2018-1813
https://notcve.org/view.php?id=CVE-2018-1813
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 150017. IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 emplea listas negras incompletas para validar entradas, lo que permite que los atacantes omitan los controles de la aplicación, lo que provoca un impacto directo al sistema y a la integridad de los datos. IBM X-Force ID: 150017. • http://www.ibm.com/support/docview.wss?uid=ibm10787785 https://exchange.xforce.ibmcloud.com/vulnerabilities/150017 •
CVE-2018-1850
https://notcve.org/view.php?id=CVE-2018-1850
IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998. IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 y 9.0.5.0 podría permitir operaciones de administración no autorizadas cuando se está ejecutando el servicio Advanced Access Control. IBM X-Force ID: 150998. • http://www.ibm.com/support/docview.wss?uid=ibm10734555 http://www.securitytracker.com/id/1042036 https://exchange.xforce.ibmcloud.com/vulnerabilities/150998 •