
CVSS: 6.1 EPSS: 0% CPEs: 164 EXPL: 0

IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.
• http://www.ibm.com/support/docview.wss?uid=swg22006959 http://www.securityfocus.com/bid/100592 http://www.securitytracker.com/id/1039227 https://exchange.xforce.ibmcloud.com/vulnerabilities/128687
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 5.0 EPSS: 0% CPEs: 9 EXPL: 0

Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 5.1 before 5.1.0.39-TIV-AWS-IF0040, 6.0 before 6.0.0.25-TIV-AWS-IF0026, 6.1.0 before 6.1.0.5-TIV-AWS-IF0006, and 6.1.1 before 6.1.1-TIV-AWS-FP0001 has unspecified impact and attack vectors. NOTE: this might overlap CVE-2010-4622.
• http://secunia.com/advisories/42955 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ87328 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ87470 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ91619 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ91620 http://www-01.ibm.com/support/docview.wss?
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.0 EPSS: 0% CPEs: 2 EXPL: 1

Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.
• http://secunia.com/advisories/42727 http://securitytracker.com/id?1024927 http://www-01.ibm.com/support/docview.wss?uid=swg24028829 http://www.osvdb.org/70158 http://www.securityfocus.com/bid/45582 http://www.vupen.com/english/advisories/2010/3329 https://exchange.xforce.ibmcloud.com/vulnerabilities/64306
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 4.0 EPSS: 0% CPEs: 1 EXPL: 0

WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 allows remote authenticated users to cause a denial of service (worker thread consumption) via shift-reload actions.
• http://www-01.ibm.com/support/docview.wss?uid=swg24028829 http://www.securityfocus.com/bid/45665 https://exchange.xforce.ibmcloud.com/vulnerabilities/64471
• CWE-399: Resource Management Errors

CVSS: 4.3 EPSS: 3% CPEs: 2 EXPL: 13

Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.
• https://www.exploit-db.com/exploits/34908 https://www.exploit-db.com/exploits/34909 https://www.exploit-db.com/exploits/34910 https://www.exploit-db.com/exploits/34911 https://www.exploit-db.com/exploits/34912 https://www.exploit-db.com/exploits/34913 https://www.exploit-db.com/exploits/34914 https://www.exploit-db.com/exploits/34915 https://www.exploit-db.com/exploits/34916 https://www.exploit-db.com/exploits/34917 https://www.exploit-db.com/exploits/34907
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')