CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0CVE-2017-1478
https://notcve.org/view.php?id=CVE-2017-1478
IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613. La versión 9.0.0 de IBM Security Access Manager Appliance permite que las páginas web se almacenen localmente, lo que permite que sean leídas por otro usuario en el sistema. IBM X-Force ID: 128613. • http://www.ibm.com/support/docview.wss?uid=swg22012323 http://www.securityfocus.com/bid/102502 http://www.securitytracker.com/id/1040172 https://exchange.xforce.ibmcloud.com/vulnerabilities/128613 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1533
https://notcve.org/view.php?id=CVE-2017-1533
IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130675. IBM Security Access Manager Appliance 9.0.3 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22012327 http://www.securityfocus.com/bid/102496 http://www.securitytracker.com/id/1040168 https://exchange.xforce.ibmcloud.com/vulnerabilities/130675 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0CVE-2017-1459
https://notcve.org/view.php?id=CVE-2017-1459
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378. IBM Security Access Manager Appliance 8.0.0 y 9.0.0 especifica permisos para un recurso crítico para la seguridad de forma que permite que ese recurso sea leído o modificado por actores no planeados. IBM X-Force ID: 128378. • http://www.ibm.com/support/docview.wss?uid=swg22012331 http://www.securitytracker.com/id/1040170 https://exchange.xforce.ibmcloud.com/vulnerabilities/128378 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1453
https://notcve.org/view.php?id=CVE-2017-1453
IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 128372. IBM Security Identity Manager Virtual Appliance en su versión 9.0.3 podría permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el sistema. Mediante el envío de una petición especialmente manipulada, un atacante podría explotar esta vulnerabilidad para ejecutar comandos arbitrarios en el sistema. • http://www.ibm.com/support/docview.wss?uid=swg22009242 https://exchange.xforce.ibmcloud.com/vulnerabilities/128372 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1477
https://notcve.org/view.php?id=CVE-2017-1477
IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128612. La versión 9.0.3 de IBM Security Access Manager Appliance es vulnerable a un ataque de XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • http://www.ibm.com/support/docview.wss?uid=swg22009240 https://exchange.xforce.ibmcloud.com/vulnerabilities/128612 • CWE-611: Improper Restriction of XML External Entity Reference •