CVSS: 7.5EPSS: 0%CPEs: 34EXPL: 0CVE-2017-1473
https://notcve.org/view.php?id=CVE-2017-1473
23 Apr 2018 — IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605. IBM Security Access Manager Appliance 8.0.0 hasta 8.0.1.6 y 9.0.0 hasta la 9.0.3.1 emplea algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 128605. • http://www.ibm.com/support/docview.wss?uid=swg22012268 • CWE-326: Inadequate Encryption Strength •
CVSS: 6.1EPSS: 0%CPEs: 33EXPL: 0CVE-2017-1534
https://notcve.org/view.php?id=CVE-2017-1534
10 Jan 2018 — IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676. IBM Security... • http://www.ibm.com/support/docview.wss?uid=swg22008936 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0CVE-2017-1459
https://notcve.org/view.php?id=CVE-2017-1459
10 Jan 2018 — IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378. IBM Security Access Manager Appliance 8.0.0 y 9.0.0 especifica permisos para un recurso crítico para la seguridad de forma que permite que ese recurso sea leído o modificado por actores no planeados. IBM X-Force ID: 128378. • http://www.ibm.com/support/docview.wss?uid=swg22012331 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 164EXPL: 0CVE-2017-1489
https://notcve.org/view.php?id=CVE-2017-1489
28 Aug 2017 — IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687. Las configuraciones e-community de IBM Security Access Manager 6.1, 7.0, 8.0, y 9.0 podrían estar afectadas por una vulnerabilidad de redirección. ECSSO Master Authentication puede redireccionar a un servidor que no participa en un dominio e-community. • http://www.ibm.com/support/docview.wss?uid=swg22006959 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-5919
https://notcve.org/view.php?id=CVE-2016-5919
16 Feb 2017 — IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868. IBM Security Access Manager for Web 7.0.0, 8.0.0 y 9.0.0 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente sensible. Referencia de IBM: 1996868. • http://www.ibm.com/support/docview.wss?uid=swg21996868 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2015-5013
https://notcve.org/view.php?id=CVE-2015-5013
08 Feb 2017 — The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access. El aparato IBM Security Access Manager incluye archivos de configuración que contienen contraseñas de texto claro obfuscadas a las que pueden acceder usuarios autenticados. • http://www.ibm.com/support/docview.wss?uid=swg21993722 • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-3020
https://notcve.org/view.php?id=CVE-2016-3020
07 Feb 2017 — IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content. IBM Security Access Manager para Web 7.0.0, 8.0.0 y 9.0.0 podría permitir a un atacante remoto eludir las restricciones de seguridad, causada por la validación del contenido indebido. Al... • http://www.ibm.com/support/docview.wss?uid=swg21996826 • CWE-284: Improper Access Control •
CVSS: 9.1EPSS: 0%CPEs: 21EXPL: 0CVE-2016-2908
https://notcve.org/view.php?id=CVE-2016-2908
01 Feb 2017 — IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service. IBM Single Sign On para Bluemix podrían permitir a un atacante remoto obtener información sensible, provocado por un error de entidad externa XML (XXE) al procesar datos XML por el analizador XML. Un atacante re... • http://www.ibm.com/support/docview.wss?uid=swg21995531 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0CVE-2016-3027
https://notcve.org/view.php?id=CVE-2016-3027
01 Feb 2017 — IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Security Access Manager para Web es vulnerable a una denegación de servicio, causada por un error de entidad externa XML (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer in... • http://www.ibm.com/support/docview.wss?uid=swg21994440 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2016-3029
https://notcve.org/view.php?id=CVE-2016-3029
01 Feb 2017 — IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Security Access Manager para Web es vulnerable a la falsificación de solicitudes de sitios cruzados que podrían permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario que confía en el sitio web. • http://www.ibm.com/support/docview.wss?uid=swg21995345 • CWE-352: Cross-Site Request Forgery (CSRF) •