
CVE-2019-4513
https://notcve.org/view.php?id=CVE-2019-4513
26 Aug 2019 — IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 164555. • http://www.ibm.com/support/docview.wss?uid=ibm10996716 • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2017-1732
https://notcve.org/view.php?id=CVE-2017-1732
17 Aug 2018 — IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 134913. • http://www.ibm.com/support/docview.wss?uid=ibm10726017 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2015-0235 – Exim ESMTP 4.80 - glibc gethostbyname Denial of Service
https://notcve.org/view.php?id=CVE-2015-0235
27 Jan 2015 — Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." • https://packetstorm.news/files/id/181060 • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVE-2013-5420
https://notcve.org/view.php?id=CVE-2013-5420
23 Dec 2013 — The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request. • http://www-01.ibm.com/support/docview.wss?uid=swg21660211 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-5421
https://notcve.org/view.php?id=CVE-2013-5421
22 Dec 2013 — Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote attackers to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form. • http://www-01.ibm.com/support/docview.wss?uid=swg21660210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-6745
https://notcve.org/view.php?id=CVE-2013-6745
22 Dec 2013 — Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form. • http://www-01.ibm.com/support/docview.wss?uid=swg21660569 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')