15 matches found
Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in NSS (CVE-2017-7805)
Summary IBM Security Access Manager Appliance has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-7805 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in TLS 1.2 generating handshake hashes...
Security Bulletin: IBM Security Access Manager Appliance is affected by a potential information exposure vulnerability (CVE-2017-1480)
Summary IBM Security Access Manager Appliance has addressed the following information exposure vulnerability. Vulnerability Details CVEID: CVE-2017-1480 DESCRIPTION: IBM Security Access Manager Appliance stores potentially sensitive information in log files that could be read by a remote user. CV...
Security Bulletin: IBM Security Access Manager Appliance is affected by an open redirect vulnerability (CVE-2017-1534)
Summary IBM Security Access Manager Appliance has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-1534 DESCRIPTION: IBM Security Access Manager Appliance could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim t...
Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability known as the SWEET32 Birthday attack (CVE-2016-2183)
Summary The IBM Security Access Manager appliances are affected by the SWEET32 Birthday attack vulnerability, which could allow an attacker to obtain sensitive information. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive informatio...
Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in the libgcrypt library (CVE-2016-6313)
Summary A vulnerability has been identified in the libgcrypt library. IBM Security Access Manager appliances use the libgcrypt library and are affected by this vulnerability. Vulnerability Details CVEID: CVE-2016-6313 DESCRIPTION: GnuPG could provide weaker than expected security, caused by an...
Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in Busybox (CVE-2014-9645)
Summary A vulnerability has been identified in Busybox. IBM Security Access Manager appliances use Busybox and are affected by this vulnerabilty. Vulnerability Details CVEID: CVE-2014-9645 DESCRIPTION: Busybox could allow a local attacker to bypass security restrictions, caused by an error when...
Security Bulletin: IBM Security Access Manager appliances may be affected by a kernel vulnerability known as the Dirty COW bug (CVE-2016-5195)
Summary Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition when handling the copy-on-write COW breakage of private read-only memory mappings by the memory subsystem. This vulnerability is known as the Dirty COW bug. Under certain...
Security Bulletin: IBM Security Access Manager appliances are affected by an information disclosure vulnerability (CVE-2016-3045)
Summary IBM Security Access Manager appliances store sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. Vulnerability Details CVEID: CVE-2016-3045 DESCRIPTION: IBM...
Security Bulletin: IBM Security Access Manager appliances are affected by a response splitting vulnerability in WebSphere Application Server (CVE-2016-0359)
Summary IBM Security Access Manager version 8 & 9 appliances are affected by a HTTP response splitting vulnerability in IBM WebSphere Application Server. Vulnerability Details CVEID: CVE-2016-0359 DESCRIPTION: IBM WebSphere Application Server is vulnerable to HTTP response splitting attacks. A...
Security Bulletin: IBM Security Access Manager appliances are affected by an XML External Entity Injection vulnerability (CVE-2016-3027)
Summary IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error when processing XML data. Vulnerability Details CVEID: CVE-2016-3027 DESCRIPTION: IBM Security Access Manager for Web is vulnerable to a denial of service, caused...
Security Bulletin: IBM Security Access Manager for Web is affected by vulnerabilities in OpenSSL (CVE-2016-0797, CVE-2016-0705)
Summary Vulnerabilities in OpenSSL affect IBM Security Access Manager for Web. Vulnerability Details CVEID: CVE-2016-0797 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in the BNhex2bn/BNdec2bn function. An attacker could exploit this vulnerability...
Security Bulletin: A vulnerability in SQLite affects IBM Security Access Manager for Web (CVE-2015-3416)
Summary There is a denial of service vulnerability in SQLite, which affects IBM Security Access Manager for Web. Vulnerability Details CVEID: CVE-2015-3416 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by the failure to properly handle precision and width values during...
Security Bulletin: A vulnerability in nss-softokn affects IBM Security Access Manager for Web (CVE-2015-2730)
Summary Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. IBM Security Access Manager for Web is affected by a vulnerability in the nss-softokn package. Vulnerability Details CVEID: CVE-2015-2730...
CVE-2014-6088
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive information by sniffing the network during use of the null SSL cipher...
Code injection
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service disrupted system operations by uploading a file to a protected area...