CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1474
https://notcve.org/view.php?id=CVE-2017-1474
06 Jun 2018 — IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606. IBM Security Access Manager Appliance 7.0.0, desde la versión 8.0.0 hasta la 8.0.1.6 y desde la 9.0.0 hasta la 9.0.3.1 revela información sensible a usuarios no autorizados. Esta información puede emplearse para ejecutar más ataques en el sistema. • http://www.ibm.com/support/docview.wss?uid=swg22012329 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1476
https://notcve.org/view.php?id=CVE-2017-1476
06 Jun 2018 — IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610. IBM InfoSphere Information Server 7.0.0, desde la versión 8.0.0 hasta la 8.0.1.6 y desde la 9.0.0 hasta la 9.0.3.1 podría permitir que un atacant... • http://www.ibm.com/support/docview.wss?uid=swg22012310 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2016-3045
https://notcve.org/view.php?id=CVE-2016-3045
01 Feb 2017 — IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM Security Access Manager para Web almacena información sensible en parámetros URL. Esto puede dar lugar a la divulgación de información si las partes no autorizadas tienen acceso a las URL a través de los registros del servidor, el encabezado referente o el historial del navegador. • http://www.ibm.com/support/docview.wss?uid=swg21995435 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 12EXPL: 0CVE-2016-3028
https://notcve.org/view.php?id=CVE-2016-3028
25 Nov 2016 — IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access. IBM Security Access Manager para Web 7.0 en versiones anteriores a IF2 y 8.0 en versiones anteriores a 8.0.1.4 IF3 y Security Access Manager 9.0 en versiones anteriores a 9.0.1.0 IF5 permiten a usuarios remotos autenticados ejecutar comandos arbitrarios aprovechando el acceso de administ... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 1%CPEs: 26EXPL: 0CVE-2015-4963
https://notcve.org/view.php?id=CVE-2015-4963
08 Nov 2015 — IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors. IBM Security Access Manager for Web 7.x en versiones anteriores a 7.0.0.16 y 8.x en versiones anteriores a 8.0.1.3 no maneja correctamente las peticiones WebSEAL HTTPTransformation, lo que permite a atacantes remotos leer o escribir a archivos arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV71196 • CWE-17: DEPRECATED: Code •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6078
https://notcve.org/view.php?id=CVE-2014-6078
18 Dec 2014 — IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 no tiene un periodo de bloqueo tras intentos fallidos de login, esto provoca que se... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6082
https://notcve.org/view.php?id=CVE-2014-6082
18 Dec 2014 — IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (administration UI outage) via unspecified vectors. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 permiten a usuarios autenticados remotos provocar una denegación de servicio (desconexión de la interfaz de administraci... • http://secunia.com/advisories/61945 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6084
https://notcve.org/view.php?id=CVE-2014-6084
18 Dec 2014 — IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive information by sniffing the network during use of a weak SSL cipher. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 hace que atacantes remotos puedan obtener información sensible fácilmente capturando el tráfico de red durant... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 • CWE-310: Cryptographic Issues •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6077
https://notcve.org/view.php?id=CVE-2014-6077
18 Dec 2014 — Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 permite a atacantes remotos a robar la autent... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6083
https://notcve.org/view.php?id=CVE-2014-6083
18 Dec 2014 — IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 permiten a atacantes remotos obtener información de cookies sensibles al capturar el tráfico de red durante una sesión HTTP. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •