CVSS: 6.1EPSS: 0%CPEs: 164EXPL: 0CVE-2017-1489
https://notcve.org/view.php?id=CVE-2017-1489
28 Aug 2017 — IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687. Las configuraciones e-community de IBM Security Access Manager 6.1, 7.0, 8.0, y 9.0 podrían estar afectadas por una vulnerabilidad de redirección. ECSSO Master Authentication puede redireccionar a un servidor que no participa en un dominio e-community. • http://www.ibm.com/support/docview.wss?uid=swg22006959 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2011-0494
https://notcve.org/view.php?id=CVE-2011-0494
19 Jan 2011 — Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 5.1 before 5.1.0.39-TIV-AWS-IF0040, 6.0 before 6.0.0.25-TIV-AWS-IF0026, 6.1.0 before 6.1.0.5-TIV-AWS-IF0006, and 6.1.1 before 6.1.1-TIV-AWS-FP0001 has unspecified impact and attack vectors. NOTE: this might overlap CVE-2010-4622. Vulnerabilidad de salto de directorio en WebSEAL para IBM Tivoli Access Manager para e-business v5.1 anterior a v5.1.0.39-TIV-AWS-IF0040, v6.0 anterior a v6.0.0.25-TIV-AWS-IF0026, v6.1.0 anteri... • http://secunia.com/advisories/42955 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 2%CPEs: 2EXPL: 13CVE-2010-4120 – IBM Tivoli Access Manager for E-Business - '/ibm/wpm/acl?method' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4120
28 Oct 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en la cosola TAM de IBM Tivol... • https://www.exploit-db.com/exploits/34908 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •