CVSS: 7.5EPSS: 0%CPEs: 34EXPL: 0CVE-2017-1473
https://notcve.org/view.php?id=CVE-2017-1473
23 Apr 2018 — IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605. IBM Security Access Manager Appliance 8.0.0 hasta 8.0.1.6 y 9.0.0 hasta la 9.0.3.1 emplea algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 128605. • http://www.ibm.com/support/docview.wss?uid=swg22012268 • CWE-326: Inadequate Encryption Strength •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0CVE-2017-1478
https://notcve.org/view.php?id=CVE-2017-1478
11 Jan 2018 — IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613. La versión 9.0.0 de IBM Security Access Manager Appliance permite que las páginas web se almacenen localmente, lo que permite que sean leídas por otro usuario en el sistema. IBM X-Force ID: 128613. • http://www.ibm.com/support/docview.wss?uid=swg22012323 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 33EXPL: 0CVE-2017-1534
https://notcve.org/view.php?id=CVE-2017-1534
10 Jan 2018 — IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676. IBM Security... • http://www.ibm.com/support/docview.wss?uid=swg22008936 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.1EPSS: 0%CPEs: 21EXPL: 0CVE-2016-2908
https://notcve.org/view.php?id=CVE-2016-2908
01 Feb 2017 — IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service. IBM Single Sign On para Bluemix podrían permitir a un atacante remoto obtener información sensible, provocado por un error de entidad externa XML (XXE) al procesar datos XML por el analizador XML. Un atacante re... • http://www.ibm.com/support/docview.wss?uid=swg21995531 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.4EPSS: 0%CPEs: 38EXPL: 0CVE-2016-3016
https://notcve.org/view.php?id=CVE-2016-3016
01 Feb 2017 — IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code. IBM Security Access Manager para Web procesa parches, copias de seguridad de imágenes y otras actualizaciones sin verificar suficientemente el origen y la integridad del código, lo que podrían permitir a un atacante autenticado cargar código malicioso. • http://www.ibm.com/support/docview.wss?uid=swg21995518 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 4.0EPSS: 0%CPEs: 38EXPL: 0CVE-2016-3021
https://notcve.org/view.php?id=CVE-2016-3021
01 Feb 2017 — IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request. IBM Security Access Manager para Web podría permitir a un atacante autenticado obtener información sensible de un mensaje de error utilizando una petición HTTP especialmente manipulada. • http://www.ibm.com/support/docview.wss?uid=swg21995436 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 38EXPL: 0CVE-2016-3022
https://notcve.org/view.php?id=CVE-2016-3022
01 Feb 2017 — IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions. IBM Security Access Manager para Web podría permitir a un usuario autenticado obtener acceso a información altamente sensible debido a permisos de archivos incorrectos. • http://www.ibm.com/support/docview.wss?uid=swg21995360 • CWE-275: Permission Issues •
CVSS: 5.3EPSS: 0%CPEs: 38EXPL: 0CVE-2016-3023
https://notcve.org/view.php?id=CVE-2016-3023
01 Feb 2017 — IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names. IBM Security Access Manager para Web podría permitir a un usuario no autenticado obtener acceso a información sensible introduciendo nombres de archivo no válidos. • http://www.ibm.com/support/docview.wss?uid=swg21995348 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 21EXPL: 0CVE-2016-3024
https://notcve.org/view.php?id=CVE-2016-3024
01 Feb 2017 — IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system. IBM Security Access Manager para Web permite que las páginas web se almacenen localmente y que puedan ser leídas por otro usuario del sistema. • http://www.ibm.com/support/docview.wss?uid=swg21995340 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0CVE-2016-3027
https://notcve.org/view.php?id=CVE-2016-3027
01 Feb 2017 — IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Security Access Manager para Web es vulnerable a una denegación de servicio, causada por un error de entidad externa XML (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer in... • http://www.ibm.com/support/docview.wss?uid=swg21994440 • CWE-611: Improper Restriction of XML External Entity Reference •