CVE-2014-4823
https://notcve.org/view.php?id=CVE-2014-4823
The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors. La consola de administración en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, y Security Access Manager for Mobile 8.x anterior a 8.0.0-ISS-ISAM-FP0005, permite a atacantes remotos inyectar comandos de sistema a través de vectores no especificados. • http://secunia.com/advisories/61278 http://secunia.com/advisories/61294 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919 http://www-01.ibm.com/support/docview.wss?uid=swg21684466 https://exchange.xforce.ibmcloud.com/vulnerabilities/95573 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2014-4809
https://notcve.org/view.php?id=CVE-2014-4809
The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors. El componente WebSEAL en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, cuando e-community SSO está habilitado, permite a atacantes remotos causar una denegación de servicio (cuelgue del componente) a través de vectores no especificados. • http://secunia.com/advisories/61294 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915 http://www-01.ibm.com/support/docview.wss?uid=swg21685246 https://exchange.xforce.ibmcloud.com/vulnerabilities/95376 •
CVE-2014-3053
https://notcve.org/view.php?id=CVE-2014-3053
The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials. Local Management Interface (LMI) en IBM Security Access Manager (ISAM) for Mobile 8.0 con firmware 8.0.0.0 hasta 8.0.0.3 y IBM Security Access Manager for Web 7.0 y 8.0 con firmware 8.0.0.2 y 8.0.0.3, permite a atacantes remotos evadir autenticación a través de una acción de inicio de sesión con credenciales inválidas. • http://secunia.com/advisories/59381 http://secunia.com/advisories/59438 http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557 http://www-01.ibm.com/support/docview.wss?uid=swg21676389 http://www-01.ibm.com/support/docview.wss?uid=swg21676700 http://www.securityfocus.com/bid/68132 https://exchange.xforce.ibmcloud.com/vulnerabilities/93501 • CWE-287: Improper Authentication •
CVE-2014-3052
https://notcve.org/view.php?id=CVE-2014-3052
The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance. La funcionalidad de proxy inverso en IBM Security Access Manager (ISAM) for Web 8.0 con firmware 8.0.0.2 y 8.0.0.3 interpreta el parámetro jct-nist-compliance de la forma opuesta de la intencionada, lo que facilita a atacantes remotos obtener información sensible mediante el aprovechamiento de configuraciones de codificación SSL débiles que carecen del cumplimiento NIST SP 800-131A. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553 http://www-01.ibm.com/support/docview.wss?uid=swg21676705 https://exchange.xforce.ibmcloud.com/vulnerabilities/93454 • CWE-16: Configuration •
CVE-2014-3073
https://notcve.org/view.php?id=CVE-2014-3073
Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en IBM Security Access Manager (ISAM) for Mobile 8.0 y IBM Security Access Manager for Web 7.0 y 8.0 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • http://secunia.com/advisories/59438 http://www-01.ibm.com/support/docview.wss?uid=swg1IV61563 http://www-01.ibm.com/support/docview.wss?uid=swg21676699 http://www.securityfocus.com/bid/68137 https://exchange.xforce.ibmcloud.com/vulnerabilities/93790 •