4 matches found
Security Bulletin: IBM Security Access Manager Appliance has fixed a cross-site scripting vulnerability (CVE-2018-1740)
Summary: IBM Security Access Manager Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. Vulnerability...
Security Bulletin: OpenSource MIT Kerberos Vulnerabilities affect IBM Security Access Manager for Web (CVE-2015-2695, CVE-2015-2696)
Summary: IBM Security Access Manager for Web is affected by MIT Kerberos vulnerabilities. Vulnerability Details: CVEID: CVE-2015-2695 DESCRIPTION: MIT Kerberos is vulnerable to a denial of service, caused by a pointer type error in the GSS-API library. By sending a specially crafted gssinquireconte...
Security Bulletin: mDNS vulnerability affects IBM Security Access Manager for Web (CVE-2015-1892)
Summary: A vulnerability in mDNS affects IBM Security Access Manager for Web. Vulnerability Details: CVEID: CVE-2015-1892 DESCRIPTION: IBM Security Access Manager for Web could allow a remote attacker to send specially crafted UDP packets to extract information from the mDNS service. CVSS Base Scor...
Cross site scripting
The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors...