Lucene search
K
IbmSecurity Access Manager

48 matches found

CVE
CVE
added 2019/06/25 3:45 p.m.154 views

CVE-2019-4153

The CVE-2019-4153 vulnerability affects IBM Security Access Manager (ISAM) versions 9.0.1 through 9.0.6 (ISAM Appliance 9.0.1–9.0.6). It describes an open redirect that a remote attacker can exploit to phish by spoofing the URL displayed to users, potentially directing them to a malicious site an...

6.8CVSS6.7AI score0.01012EPSS
CVE
CVE
added 2019/06/25 3:45 p.m.147 views

CVE-2019-4135

CVE-2019-4135 affects IBM Security Access Manager (ISAM) versions 9.0.1 through 9.0.6 (ISAM and ISAM Appliance). The vulnerability could allow authenticated users to impersonate other users. IBM’s remediation specifies ISAM 9.0.7.0 as the first fix. Privilege and impact details are consistent wit...

8.8CVSS8.4AI score0.01534EPSS
CVE
CVE
added 2019/06/25 3:45 p.m.144 views

CVE-2019-4152

CVE-2019-4152 affects IBM Security Access Manager (ISAM) software, specifically ISAM 9.0.1 through 9.0.6 (and ISAM Appliance 9.0.1–9.0.6). The root cause is improper invalidation/expiration of session tokens, leading to potential login into a closed browser session by an attacker with local acces...

5.1CVSS4.6AI score0.00313EPSS
CVE
CVE
added 2019/06/25 3:45 p.m.135 views

CVE-2019-4156

CVE-2019-4156 affects IBM Security Access Manager (ISAM) software for versions 9.0.1 through 9.0.6, where weaker than expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. The issue is documented in NVD and IBM/X-Force entries, with remediation availab...

5.9CVSS6.2AI score0.00869EPSS
CVE
CVE
added 2019/06/25 3:45 p.m.114 views

CVE-2019-4145

CVE-2019-4145 affects IBM Security Access Manager (ISAM) and ISAM Appliance. Affected versions are 9.0.1 through 9.0.6, where a vulnerability could disclose highly sensitive information to a local user in specialized conditions, potentially enabling further attacks. IBM’s remediation is to update...

7.7CVSS6.9AI score0.00352EPSS
CVE
CVE
added 2019/06/25 3:45 p.m.114 views

CVE-2019-4151

CVE-2019-4151 affects IBM Security Access Manager (ISAM) and ISAM Appliance versions 9.0.1–9.0.6. The issue is due to the use of weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. The vulnerability is documented in NVD and IBM adv...

5.9CVSS6.2AI score0.00869EPSS
CVE
CVE
added 2019/10/25 4:30 p.m.113 views

CVE-2019-4036

CVE-2019-4036 affects IBM Security Access Manager Appliance. The available documents show unauthenticated remote denial-of-service against the reverse proxy, commonly associated with Slow HTTP/Slowloris abuse. Affected product: IBM Security Access Manager Appliance (ISAM Appliance); impact: denia...

7.5CVSS7.2AI score0.01382EPSS
CVE
CVE
added 2019/06/25 3:45 p.m.111 views

CVE-2019-4150

CVE-2019-4150 affects IBM Security Access Manager (ISAM) releases 9.0.1–9.0.6. The issue is improper or missing certificate validation, enabling MITM-style spoofing of a trusted entity. The vulnerability arises in certificate handling within ISAM components and could allow an attacker to imperson...

4.3CVSS5AI score0.00578EPSS
CVE
CVE
added 2019/06/25 3:45 p.m.109 views

CVE-2019-4158

The CVE-2019-4158 entry concerns IBM Security Access Manager (ISAM) / ISAM Appliance versions 9.0.1–9.0.6 where the system fails to verify a user’s identity, potentially exposing resources or functionality to unintended actors. This is tied to ISAM 9.0.x deployments (non-appliance and appliance v...

5.5CVSS6.1AI score0.00684EPSS
CVE
CVE
added 2019/06/25 3:45 p.m.106 views

CVE-2019-4157

CVE-2019-4157 affects IBM Security Access Manager (ISAM) software, specifically versions 9.0.1 through 9.0.6. The issue is a cross-site scripting vulnerability that lets an attacker embed arbitrary JavaScript in the Web UI, potentially altering functionality and leading to credentials disclosure ...

6.1CVSS6AI score0.00894EPSS
CVE
CVE
added 2024/06/28 3:42 p.m.87 views

CVE-2024-35139

CVE-2024-35139 affects IBM Security Access Manager Docker versions 10.0.0.0 through 10.0.7.1. The root cause is incorrect default permissions that allow a local user to obtain sensitive information from the container. Impact is information disclosure within the container. Remediation per sources ...

6.2CVSS5.7AI score0.00232EPSS
CVE
CVE
added 2024/06/28 3:33 p.m.73 views

CVE-2024-35137

Summary of CVE-2024-35137 : IBM Security Access Manager Docker versions 10.0.0.0–10.0.7.1 have an information-disclosure weakness where sensitive configuration information is exposed, enabling a local user to potentially elevate privileges. The issue is corroborated by multiple sources (IBM X-For...

6.2CVSS6.2AI score0.00255EPSS
CVE
CVE
added 2024/06/27 6:27 p.m.72 views

CVE-2023-38370

CVE-2023-38370 affects IBM Security Verify Access Docker 10.0.0.0–10.0.7.1. Under certain configurations, a user on the network could install malicious packages via the container. Connected Intel: IBM bulletin confirms multiple vulnerabilities and remediation via updated releases; for the Docker ...

7.5CVSS6.8AI score0.00705EPSS
CVE
CVE
added 2024/06/27 6:14 p.m.69 views

CVE-2023-38371

IBM Security Access Manager Docker versions 10.0.0.0–10.0.7.1 are affected by CVE-2023-38371 due to use of weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. The issue affects the Docker deployment of IBM Security Access Manager (...

7.5CVSS6.3AI score0.00461EPSS
CVE
CVE
added 2024/06/27 6:21 p.m.66 views

CVE-2023-30997

IBM Security Access Manager (Docker) versions 10.0.0.0 through 10.0.7.1 are affected by CVE-2023-30997, a local privilege escalation due to improper access controls that could allow a local user to obtain root access. The issue is documented with a high impact (C/H/I/H/A/H) and local attack vecto...

7.8CVSS7.4AI score0.00231EPSS
CVE
CVE
added 2018/10/22 1:0 p.m.65 views

CVE-2018-1850

CVE-2018-1850 affects IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0, and 9.0.5.0. When Advanced Access Control services are running, it could allow unauthorized administration operations. The root cause is within the Advanced Access Control service enabling admin actions without proper a...

8.8CVSS8AI score0.02247EPSS
CVE
CVE
added 2024/06/27 6:18 p.m.65 views

CVE-2023-30998

CVE-2023-30998 affects IBM Security Verify Access Docker (versions 10.0.0.0–10.0.7.1). Root cause: improper access controls allowing a local user to obtain root. Impact: local privilege escalation on affected containers. Remediation: upgrade to 10.0.8.0 or later (IBM guidance; docker pull icr.io/...

7.8CVSS7.4AI score0.00231EPSS
CVE
CVE
added 2024/06/27 6:25 p.m.64 views

CVE-2023-38368

IBM Security Access Manager/Verify Access Docker versions 10.0.0.0–10.0.7.1 are affected by an information-disclosure issue due to improper permission controls that could allow a local user to access sensitive data (CVE-2023-38368). The baseline documents confirm the affected product family and v...

5.5CVSS5.3AI score0.00186EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.61 views

CVE-2016-3045

CVE-2016-3045 affects IBM Security Access Manager for Web (ISAM) family. The issue is that ISAM stores sensitive information in URL parameters, creating potential information disclosure if URLs are exposed via server logs, Referer headers, or browser history. Affected products include ISAM for We...

4.3CVSS3.9AI score0.00842EPSS
CVE
CVE
added 2018/06/06 5:0 p.m.61 views

CVE-2017-1474

CVE-2017-1474 affects IBM Security Access Manager family. The IBM advisory lists affected versions: IBM Security Access Manager for Web 7.0–7.0.0.33, 8.0–8.0.1.6; IBM Security Access Manager for Mobile 8.0–8.0.1.6; IBM Security Access Manager Appliance 9.0–9.0.3.1; IBM Tivoli Access Manager for e...

5.3CVSS4.8AI score0.01759EPSS
CVE
CVE
added 2020/10/15 12:40 p.m.60 views

CVE-2019-4552

CVE-2019-4552 affects IBM Security Access Manager (ISAM) 9.0.7 and IBM Security Verify Access (ISVA) 10.0.0. The vulnerability is an HTTP response splitting flaw that a remote attacker can trigger by clicking a specially crafted URL, potentially enabling web cache poisoning, cross-site scripting,...

6.1CVSS6.5AI score0.00908EPSS
CVE
CVE
added 2020/10/12 1:5 p.m.60 views

CVE-2020-4661

IBM Security Access Manager (ISAM) 9.0.7 and IBM Security Verify Access (ISVA) 10.0.0 are affected by CVE-2020-4661, a timing side-channel information disclosure vulnerability. The issue stems from a vulnerability in how ISAM/ISVA handled certain operations, potentially allowing an attacker to ob...

5.3CVSS4.9AI score0.00456EPSS
CVE
CVE
added 2017/08/28 8:0 p.m.59 views

CVE-2017-1489

CVE-2017-1489 affects IBM Security Access Manager (ISM) across multiple releases, specifically e-community configurations in ISM versions 6.1, 7.0, 8.0, and 9.0. The root issue is a redirect vulnerability where ECSSO Master Authentication can redirect to a server not participating in the e-commun...

6.1CVSS6AI score0.01182EPSS
CVE
CVE
added 2018/12/13 4:0 p.m.57 views

CVE-2018-1740

CVE-2018-1740 affects IBM Security Access Manager Appliance versions 9.0.1.0–9.0.5.0. Description in the sources: a cross-site scripting (XSS) vulnerability in the Web UI that can let an attacker embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. T...

5.4CVSS5.3AI score0.0066EPSS
CVE
CVE
added 2018/12/13 4:0 p.m.57 views

CVE-2018-1814

Summary of CVE-2018-1814 : IBM Security Access Manager Appliance versions 9.0.1.0–9.0.5.0 use weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. The issue is documented in IBM X-Force/IBM advisory and is reflected in NVD/NVD-relat...

7.5CVSS7.6AI score0.00966EPSS
CVE
CVE
added 2018/03/08 4:0 p.m.56 views

CVE-2018-1443

The CVE-2018-1443 issue affects IBM Security Access Manager (IAS) Appliance versions 9.0.0–9.0.4 and IBM Tivoli Federated Identity Manager (TFIM) versions 6.2, 6.2.1, and 6.2.2, due to an XML parsing vulnerability in the SAML-based SSO flow. An attacker with authenticated access could trick the S...

5.9CVSS5.4AI score0.00413EPSS
CVE
CVE
added 2018/12/13 4:0 p.m.56 views

CVE-2018-1804

IBM Security Access Manager Appliance is affected by CVE-2018-1804 due to not setting the secure attribute on authorization tokens or session cookies, enabling potential exposure of sensitive information via MITM. Affected versions: 9.0.1.0–9.0.5.0. Impact is described as information disclosure u...

4.3CVSS4.8AI score0.00915EPSS
CVE
CVE
added 2018/06/06 5:0 p.m.55 views

CVE-2017-1480

CVE-2017-1480 affects IBM Security Access Manager Appliance: Web 8.0–8.0.1.6, Mobile 8.0–8.0.1.6, and ISAM 9.0–9.0.3.1. The issue is an information exposure where potentially sensitive data stored in log files could be read by a remote user. CVSS v3 base score is 4.3 (MEDIUM). Remediation provide...

4.3CVSS4.2AI score0.01776EPSS
CVE
CVE
added 2018/08/24 11:0 a.m.55 views

CVE-2018-1722

IBM Security Access Manager Appliance versions 9.0.4.0 and 9.0.5.0 are affected by CVE-2018-1722, which could allow remote code execution when Advanced Access Control or Federation services are running. Exploitation details are not provided in the supplied documents, but the IBM Security Bulletin...

10CVSS9.3AI score0.09044EPSS
CVE
CVE
added 2018/12/13 4:0 p.m.54 views

CVE-2018-1653

CVE-2018-1653 affects IBM Security Access Manager Appliance versions 9.0.1.0–9.0.5.0. It describes a cross-site scripting vulnerability that allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. The IBM bulletin lists the reme...

5.4CVSS5.6AI score0.00968EPSS
CVE
CVE
added 2021/07/15 4:0 p.m.54 views

CVE-2021-20439

CVE-2021-20439 affects IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0, where credentials are stored in plain text, enabling potential read by unauthorized users. IBM published fixes: update ISAM Docker to 9.0.7.2_IF2 and Verify Access Docker to 10.0.2.0. Remediation ...

7.5CVSS7.3AI score0.01185EPSS
CVE
CVE
added 2016/11/25 3:38 a.m.53 views

CVE-2016-3025

The CVE-2016-3025 issue affects IBM Security Access Manager for Mobile and IBM Security Access Manager (Web/Mobile) where inadequate account lockout settings allow brute-forcing remote authentication. Affected: IBM Security Access Manager for Mobile 8.0.x (before 8.0.1.4 IF3) and 9.x (before 9.0....

8.1CVSS7.7AI score0.01602EPSS
CVE
CVE
added 2018/12/13 4:0 p.m.53 views

CVE-2018-1813

CVE-2018-1813 affects IBM Security Access Manager Appliance (versions 9.0.1.0–9.0.5.0). Description indicates the vulnerability stems from incomplete blacklisting during input validation, enabling attackers to bypass application controls and directly impact system and data integrity. Connected IB...

6.5CVSS6.9AI score0.00904EPSS
CVE
CVE
added 2020/10/15 12:40 p.m.53 views

CVE-2020-4499

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are affected by an authentication-bypass vulnerability where an unauthorized public OAuth client can bypass authentication checks and access applications. Root cause: flawed OAuth client handling that permits bypass of certai...

9.8CVSS9.2AI score0.01232EPSS
CVE
CVE
added 2018/12/13 4:0 p.m.52 views

CVE-2018-1803

Affected software: IBM Security Access Manager Appliance (versions 9.0.1.0–9.0.5.0). Vulnerability: remote attacker could hijack the victim’s click actions by luring them to a malicious site. Impact: potential for credential exposure and further attacks via UI actions. Root cause: described as a ...

6.1CVSS6.6AI score0.01183EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.51 views

CVE-2016-3018

CVE-2016-3018 affects IBM Security Access Manager family. IBM’s Security Bulletin confirms cross-site scripting in IBM Security Access Manager for Web (and related appliances) that could allow an attacker to inject JavaScript into the Web UI, potentially leading to credential disclosure within a ...

6.1CVSS5.9AI score0.00785EPSS
CVE
CVE
added 2020/05/20 12:35 p.m.50 views

CVE-2020-4461

CVE-2020-4461 affects IBM Security Access Manager Appliance 9.0.7.1 where an authenticated user could bypass security by manipulating id_token claims without verification. The issue is documented by IBM and tied to ISAM 9.0; CVSS base metrics in public sources show impact to integrity with a netw...

6.5CVSS6.1AI score0.00933EPSS
CVE
CVE
added 2018/06/06 5:0 p.m.49 views

CVE-2017-1476

CVE-2017-1476 affects IBM Security Access Manager family. An information disclosure vulnerability arises from failure to properly enable HTTP Strict Transport Security (HSTS), enabling a remote attacker to obtain sensitive information via MITM. Affected products and versions include IBM Security ...

5.9CVSS5.3AI score0.02281EPSS
CVE
CVE
added 2018/12/13 4:0 p.m.49 views

CVE-2018-1805

CVE-2018-1805 affects IBM Security Access Manager Appliance 9.0.1.0–9.0.5.0. The issue is information disclosure via error messages that reveal sensitive details about the environment, users, or data. The NVD entry lists a CVSS v2 base score of 4.0 (Medium) and CVSS v3 base score of 4.3 (Medium),...

4.3CVSS5.2AI score0.00976EPSS
CVE
CVE
added 2018/12/13 4:0 p.m.49 views

CVE-2018-1815

CVE-2018-1815 affects IBM Security Access Manager Appliance (Enterprise Single-Sign On) Web UI. The vulnerability is a cross-site scripting flaw that could allow an attacker to inject arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure within a trusted session. Aff...

6.1CVSS6AI score0.00894EPSS
CVE
CVE
added 2018/12/13 4:0 p.m.48 views

CVE-2018-1887

CVE-2018-1887 affects IBM Security Access Manager Appliance versions 9.0.1.0–9.0.5.0, where the product contains hard-coded credentials used for inbound authentication, outbound communication, or encryption of internal data. The issue, as described in the CVE entry, implies potential unauthorized...

7.8CVSS8AI score0.00212EPSS
CVE
CVE
added 2019/02/04 9:0 p.m.48 views

CVE-2018-1970

CVE-2018-1970 affects IBM Security Identity Manager 7.0.1, where XML External Entity (XXE) processing vulnerability exists when handling XML data. The underling issue is improper XML parsing that allows an attacker to disclose sensitive information or exhaust memory resources. Affected product: I...

7.1CVSS7AI score0.01853EPSS
CVE
CVE
added 2018/12/13 4:0 p.m.47 views

CVE-2018-1886

What is affected : IBM Security Access Manager Appliance versions 9.0.1.0 through 9.0.5.0. Impact : Information disclosure to unauthorized users, which could enable further attacks on the system. Root cause / context : Described as a vulnerability that allows disclosure of sensitive information (...

5.3CVSS5.7AI score0.01301EPSS
CVE
CVE
added 2020/01/28 6:30 p.m.47 views

CVE-2019-4707

IBM Security Access Manager Appliance is affected by CVE-2019-4707 due to an XML External Entity (XXE) injection when processing XML data. The issue impacts ISAM 9.0.x (specifically 9.0.7.0) and could allow an unauthenticated or remote attacker to access sensitive information or exhaust memory/re...

7.1CVSS6.8AI score0.01398EPSS
CVE
CVE
added 2020/10/06 3:45 p.m.47 views

CVE-2019-4725

CVE-2019-4725 affects IBM Security Access Manager (ISAM) Appliance 9.0. The vulnerability is a cross-site scripting (XSS) flaw in the Web UI that could allow an attacker to inject arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Connected sources indic...

6.1CVSS5.7AI score0.0073EPSS
CVE
CVE
added 2020/10/12 1:5 p.m.43 views

CVE-2020-4660

CVE-2020-4660 affects IBM Security Access Manager (ISAM) 9.0.7 and IBM Security Verify Access (ISVA) 10.0.0. The issue is an information disclosure via timing side-channel attacks that could aid in further compromise. The connected IBM bulletin confirms the vulnerability and lists the affected pr...

5.3CVSS4.9AI score0.00456EPSS
CVE
CVE
added 2016/11/25 3:38 a.m.42 views

CVE-2016-3028

CVE-2016-3028 affects IBM Security Access Manager products: ISAM for Web 7.0 before IF2, ISAM for Web 8.0 before 8.0.1.4 IF3, and ISAM 9.0 before 9.0.1.0 IF5, plus IBM Security Access Manager for Mobile 8.0 and 9.0. The flaw allows a remote authenticated attacker with admin access to the LMI to e...

9.1CVSS9.2AI score0.03537EPSS
CVE
CVE
added 2020/10/12 1:5 p.m.42 views

CVE-2020-4699

CVE-2020-4699 affects IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0. The root cause is a timing side-channel vulnerability that could allow an attacker to obtain sensitive information, aiding further attacks. Affected products/files: ISAM 9.0.7 and ISVA 10.0.0. Remediati...

5.3CVSS4.9AI score0.00456EPSS