27 matches found
CVE-2017-1534
Summary: CVE-2017-1534 affects IBM Security Access Manager Appliance 8.0.x and 9.0.x. The issue is an open redirect that could enable a remote attacker to perform phishing by spoofing the URL and redirecting victims to a malicious site. This is exploitable via specially crafted web content that p...
CVE-2017-1474
CVE-2017-1474 affects IBM Security Access Manager family. The IBM advisory lists affected versions: IBM Security Access Manager for Web 7.0–7.0.0.33, 8.0–8.0.1.6; IBM Security Access Manager for Mobile 8.0–8.0.1.6; IBM Security Access Manager Appliance 9.0–9.0.3.1; IBM Tivoli Access Manager for e...
CVE-2016-3045
CVE-2016-3045 affects IBM Security Access Manager for Web (ISAM) family. The issue is that ISAM stores sensitive information in URL parameters, creating potential information disclosure if URLs are exposed via server logs, Referer headers, or browser history. Affected products include ISAM for We...
CVE-2017-1489
CVE-2017-1489 affects IBM Security Access Manager (ISM) across multiple releases, specifically e-community configurations in ISM versions 6.1, 7.0, 8.0, and 9.0. The root issue is a redirect vulnerability where ECSSO Master Authentication can redirect to a server not participating in the e-commun...
CVE-2017-1480
CVE-2017-1480 affects IBM Security Access Manager Appliance: Web 8.0–8.0.1.6, Mobile 8.0–8.0.1.6, and ISAM 9.0–9.0.3.1. The issue is an information exposure where potentially sensitive data stored in log files could be read by a remote user. CVSS v3 base score is 4.3 (MEDIUM). Remediation provide...
CVE-2014-6086
IBM Security Access Manager for Mobile 8.x (before 8.0.1) and IBM Security Access Manager for Web (7.x before 7.0.0 FP10, and 8.x before 8.0.1) fail to enforce HTTPS, enabling remote attackers to sniff HTTP sessions and obtain sensitive information. This vulnerability is documented as CVE-2014-60...
CVE-2015-5013
CVE-2015-5013 affects IBM Security Access Manager appliances where configuration files store obfuscated plaintext passwords that can be accessed by authenticated users (local exposure). IBM’s bulletin lists affected products and firmware ranges: Web 8.0.x (8.0.0.0–8.0.1.4) with upgrade to 8.0.1.5...
CVE-2014-6088
IBM Security Access Manager for Mobile 8.x before 8.0.1 and IBM Security Access Manager for Web 7.x before 7.0.0 FP10, and 8.x before 8.0.1 are affected by an information disclosure vulnerability where an SSL client using a null cipher can lead to cleartext data exposure. This is a remote network...
CVE-2016-3025
The CVE-2016-3025 issue affects IBM Security Access Manager for Mobile and IBM Security Access Manager (Web/Mobile) where inadequate account lockout settings allow brute-forcing remote authentication. Affected: IBM Security Access Manager for Mobile 8.0.x (before 8.0.1.4 IF3) and 9.x (before 9.0....
CVE-2016-3018
CVE-2016-3018 affects IBM Security Access Manager family. IBM’s Security Bulletin confirms cross-site scripting in IBM Security Access Manager for Web (and related appliances) that could allow an attacker to inject JavaScript into the Web UI, potentially leading to credential disclosure within a ...
CVE-2014-6082
CVE-2014-6082 affects IBM Security Access Manager for Mobile (8.x, before 8.0.1) and IBM Security Access Manager for Web (7.x before 7.0.0 FP10, and 8.x before 8.0.1). A remote authenticated user can cause an administration UI outage (denial of service) via unspecified vectors. IBM lists remediat...
CVE-2017-1476
CVE-2017-1476 affects IBM Security Access Manager family. An information disclosure vulnerability arises from failure to properly enable HTTP Strict Transport Security (HSTS), enabling a remote attacker to obtain sensitive information via MITM. Affected products and versions include IBM Security ...
CVE-2014-6080
IBM Security Access Manager for Mobile 8.x and IBM Security Access Manager for Web 7.x/8.x are affected by CVE-2014-6080, an SQL injection vulnerability exploitable by remote authenticated attackers via unspecified vectors. The IBM security bulletin describes that an attacker could view, add, mod...
CVE-2017-1459
CVE-2017-1459 affects IBM Security Access Manager Appliance (Web: 8.0.x, 8.0.x.x mobile; Web/Mobile 8.0–8.0.1.6; overall 9.0–9.0.3.1). The root cause is misconfigured permissions on a security-critical resource that allows read/modify by unintended actors. IBM’s security bulletin recommends upgra...
CVE-2014-6087
CVE-2014-6087 affects IBM Security Access Manager for Mobile and Web. The issue arises from weak SSL cipher suite usage that allows remote attackers to obtain sensitive information by sniffing traffic. Affected: IBM Security Access Manager for Mobile 8.0.x before 8.0.1; IBM Security Access Manage...
CVE-2016-3020
Summary of CVE-2016-3020 (IBM Security Access Manager) : IBM Security Access Manager for Web versions 7.0, 8.0, and 9.0 appliances could allow a remote attacker to bypass security restrictions due to improper content validation. By persuading a user to open specially crafted content, an attacker ...
CVE-2017-1473
CVE-2017-1473 affects IBM Security Access Manager Appliance: versions 8.0.0–8.0.1.6 and 9.0.0–9.0.3.1 use weaker cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM’s advisory (IBM Security Access Manager Appliance) lists remediation: upgrade to 8.0....
CVE-2014-6077
CVE-2014-6077 is a CSRF vulnerability affecting IBM Security Access Manager for Mobile 8.0.x up to 8.0.0.5 and IBM Security Access Manager for Web 7.x up to FP10 (7.0.0.x) and 8.x up to 8.0.1. The issue allows an attacker to hijack the authentication of an arbitrary user via requests that insert ...
CVE-2016-3043
CVE-2016-3043 corresponds to an information disclosure vulnerability in IBM Security Access Manager for Web (and related ISAM lines) caused by failure to properly enable HTTP Strict Transport Security. A remote attacker could obtain sensitive information via man-in-the-middle techniques. Affected...
CVE-2016-3046
CVE-2016-3046 affects IBM Security Access Manager family (notably Web 8.0 appliances, Mobile 8.0 appliances, and ISAM 9.0 appliances). The vulnerability is an SQL injection in IBM Security Access Manager for Web, enabling a remote attacker to submit crafted SQL statements and view backend data. I...
CVE-2014-6084
CVE-2014-6084 affects IBM Security Access Manager for Mobile (8.0 line) and IBM Security Access Manager for Web (7.x before 7.0.0 FP10 and 8.x before 8.0.1). Root cause: use of weak SSL ciphers enables information disclosure via network sniffing. Impact: partial confidentiality loss of transmitte...
CVE-2014-6089
CVE-2014-6089 affects IBM Security Access Manager for Mobile 8.0.x (before 8.0.1) and IBM Security Access Manager for Web 7.x (before 7.0.0 FP10) and 8.x (before 8.0.1). A remote authenticated user can upload a file to a protected area, causing a denial of service. IBM provides patches: Web 7.0.x...
CVE-2014-6076
CVE-2014-6076 is a clickjacking vulnerability in IBM Security Access Manager for Mobile (8.x before 8.0.1) and IBM Security Access Manager for Web (7.x before 7.0.0 FP10 and 8.x before 8.0.1). Remote attackers can lure a user to load a crafted site to hijack clicking actions. IBM’s bulletin lists...
CVE-2014-6083
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10, and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by sniffing unencrypted HTTP sessions. Affects Mobile 8.0 lineage and Web 7.x/8.x; CVSS base score ...
CVE-2016-5919
IBM Security Access Manager for Web versions 7.0 (appliance), 8.0, and 9.0 are affected by CVE-2016-5919 due to weaker-than-expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM provides patches and upgrade paths: for Web 7.0, apply Interim Fi...
CVE-2014-4751
IBM Security Access Manager for Mobile versions 8.0.0.0, 8.0.0.1, and 8.0.0.3 are affected by CVE-2014-4751 (XSS). The vulnerability enables remote attackers to inject arbitrary web script or HTML via a crafted URL. Exploitation details are not provided in the connected documents beyond this desc...
CVE-2014-6078
IBM Security Access Manager for Mobile (8.0.x) and IBM Security Access Manager for Web (7.x/8.x) are affected by CVE-2014-6078, which enables brute-force login attempts due to no account lockout after invalid logins. The vulnerability is remote, low complexity, and does not require authentication...