CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4499
https://notcve.org/view.php?id=CVE-2020-4499
15 Oct 2020 — IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216. IBM Security Access Manager versión 9.0.7 e IBM Security Verify Access versión 10.0.0, podrían permitir a un cliente Oauth público no autorizado omitir algunas o todas las comprobaciones de autenticación y conseguir acceso a las aplicaciones. IBM X-Force ID: 182216 • https://exchange.xforce.ibmcloud.com/vulnerabilities/182216 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4552
https://notcve.org/view.php?id=CVE-2019-4552
15 Oct 2020 — IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960. IBM Security Access Manager versión 9.0.7 e IBM Security Veri... • https://exchange.xforce.ibmcloud.com/vulnerabilities/165960 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4699
https://notcve.org/view.php?id=CVE-2020-4699
12 Oct 2020 — IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947. IBM Security Access Manager versión 9.0.7 e IBM Security Verify Access versión 10.0.0, podrían permitir a un atacante obtener información confidencial usando ataques de canal lateral de sincronización que podrían ayudar en futuros ataques contra el sistema. IBM X-Force ID: 186947 • https://exchange.xforce.ibmcloud.com/vulnerabilities/186947 • CWE-203: Observable Discrepancy •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4661
https://notcve.org/view.php?id=CVE-2020-4661
12 Oct 2020 — IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142. IBM Security Access Manager versión 9.0.7 e IBM Security Verify Access versión 10.0.0, podrían permitir a un atacante obtener información confidencial usando ataques de canal lateral de sincronización que podrían ayudar en futuros ataques contra el sistema. IBM X-Force ID: 186142 • https://exchange.xforce.ibmcloud.com/vulnerabilities/186142 • CWE-203: Observable Discrepancy •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4660
https://notcve.org/view.php?id=CVE-2020-4660
12 Oct 2020 — IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140. IBM Security Access Manager versión 9.0.7 e IBM Security Verify Access versión 10.0.0, podrían permitir a un atacante obtener información confidencial usando ataques de canal lateral de sincronización que podrían ayudar en futuros ataques contra el sistema. IBM X-Force ID: 186140 • https://exchange.xforce.ibmcloud.com/vulnerabilities/186140 • CWE-203: Observable Discrepancy •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4725
https://notcve.org/view.php?id=CVE-2019-4725
06 Oct 2020 — IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131. IBM Security Access Manager Appliance versión 9.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuari... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172131 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4461
https://notcve.org/view.php?id=CVE-2020-4461
20 May 2020 — IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481. El IBM Security Access Manager Appliance versión 9.0.7.1, podría permitir a un usuario autentificado omitir la seguridad al permitir una manipulación de las peticiones de id_token sin verificación. IBM X-Force ID: 181481. • https://exchange.xforce.ibmcloud.com/vulnerabilities/181481 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4707
https://notcve.org/view.php?id=CVE-2019-4707
28 Jan 2020 — IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018. IBM Security Access Manager Appliance versión 9.0.7.0, es vulnerable a un ataque de tipo XML External Entity Injection (XXE) cuando se procesan datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información confid... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172018 • CWE-611: Improper Restriction of XML External Entity Reference •