Lucene search
+L
IbmSecurity Access Manager For Mobile

27 matches found

cve
cve
added 2018/01/10 5:0 p.m.64 views

CVE-2017-1534

Summary: CVE-2017-1534 affects IBM Security Access Manager Appliance 8.0.x and 9.0.x. The issue is an open redirect that could enable a remote attacker to perform phishing by spoofing the URL and redirecting victims to a malicious site. This is exploitable via specially crafted web content that p...

6.1CVSS5.8AI score0.01031EPSS
cve
cve
added 2018/06/06 5:0 p.m.63 views

CVE-2017-1474

CVE-2017-1474 affects IBM Security Access Manager family. The IBM advisory lists affected versions: IBM Security Access Manager for Web 7.0–7.0.0.33, 8.0–8.0.1.6; IBM Security Access Manager for Mobile 8.0–8.0.1.6; IBM Security Access Manager Appliance 9.0–9.0.3.1; IBM Tivoli Access Manager for e...

5.3CVSS4.8AI score0.01759EPSS
cve
cve
added 2017/02/01 8:0 p.m.62 views

CVE-2016-3045

CVE-2016-3045 affects IBM Security Access Manager for Web (ISAM) family. The issue is that ISAM stores sensitive information in URL parameters, creating potential information disclosure if URLs are exposed via server logs, Referer headers, or browser history. Affected products include ISAM for We...

4.3CVSS3.9AI score0.00842EPSS
cve
cve
added 2017/08/28 8:0 p.m.60 views

CVE-2017-1489

CVE-2017-1489 affects IBM Security Access Manager (ISM) across multiple releases, specifically e-community configurations in ISM versions 6.1, 7.0, 8.0, and 9.0. The root issue is a redirect vulnerability where ECSSO Master Authentication can redirect to a server not participating in the e-commun...

6.1CVSS6AI score0.01182EPSS
cve
cve
added 2018/06/06 5:0 p.m.56 views

CVE-2017-1480

CVE-2017-1480 affects IBM Security Access Manager Appliance: Web 8.0–8.0.1.6, Mobile 8.0–8.0.1.6, and ISAM 9.0–9.0.3.1. The issue is an information exposure where potentially sensitive data stored in log files could be read by a remote user. CVSS v3 base score is 4.3 (MEDIUM). Remediation provide...

4.3CVSS4.2AI score0.01776EPSS
cve
cve
added 2014/12/18 4:0 p.m.55 views

CVE-2014-6086

IBM Security Access Manager for Mobile 8.x (before 8.0.1) and IBM Security Access Manager for Web (7.x before 7.0.0 FP10, and 8.x before 8.0.1) fail to enforce HTTPS, enabling remote attackers to sniff HTTP sessions and obtain sensitive information. This vulnerability is documented as CVE-2014-60...

5CVSS6.2AI score0.01369EPSS
cve
cve
added 2017/02/08 7:0 p.m.54 views

CVE-2015-5013

CVE-2015-5013 affects IBM Security Access Manager appliances where configuration files store obfuscated plaintext passwords that can be accessed by authenticated users (local exposure). IBM’s bulletin lists affected products and firmware ranges: Web 8.0.x (8.0.0.0–8.0.1.4) with upgrade to 8.0.1.5...

5.5CVSS5.3AI score0.00305EPSS
cve
cve
added 2014/12/18 4:0 p.m.53 views

CVE-2014-6088

IBM Security Access Manager for Mobile 8.x before 8.0.1 and IBM Security Access Manager for Web 7.x before 7.0.0 FP10, and 8.x before 8.0.1 are affected by an information disclosure vulnerability where an SSL client using a null cipher can lead to cleartext data exposure. This is a remote network...

5CVSS6.2AI score0.01369EPSS
cve
cve
added 2016/11/25 3:38 a.m.53 views

CVE-2016-3025

The CVE-2016-3025 issue affects IBM Security Access Manager for Mobile and IBM Security Access Manager (Web/Mobile) where inadequate account lockout settings allow brute-forcing remote authentication. Affected: IBM Security Access Manager for Mobile 8.0.x (before 8.0.1.4 IF3) and 9.x (before 9.0....

8.1CVSS7.7AI score0.01602EPSS
cve
cve
added 2017/02/01 8:0 p.m.52 views

CVE-2016-3018

CVE-2016-3018 affects IBM Security Access Manager family. IBM’s Security Bulletin confirms cross-site scripting in IBM Security Access Manager for Web (and related appliances) that could allow an attacker to inject JavaScript into the Web UI, potentially leading to credential disclosure within a ...

6.1CVSS5.9AI score0.00785EPSS
cve
cve
added 2014/12/18 4:0 p.m.51 views

CVE-2014-6082

CVE-2014-6082 affects IBM Security Access Manager for Mobile (8.x, before 8.0.1) and IBM Security Access Manager for Web (7.x before 7.0.0 FP10, and 8.x before 8.0.1). A remote authenticated user can cause an administration UI outage (denial of service) via unspecified vectors. IBM lists remediat...

4CVSS6.3AI score0.01386EPSS
cve
cve
added 2018/06/06 5:0 p.m.50 views

CVE-2017-1476

CVE-2017-1476 affects IBM Security Access Manager family. An information disclosure vulnerability arises from failure to properly enable HTTP Strict Transport Security (HSTS), enabling a remote attacker to obtain sensitive information via MITM. Affected products and versions include IBM Security ...

5.9CVSS5.3AI score0.02281EPSS
cve
cve
added 2014/12/18 4:0 p.m.48 views

CVE-2014-6080

IBM Security Access Manager for Mobile 8.x and IBM Security Access Manager for Web 7.x/8.x are affected by CVE-2014-6080, an SQL injection vulnerability exploitable by remote authenticated attackers via unspecified vectors. The IBM security bulletin describes that an attacker could view, add, mod...

6.5CVSS8AI score0.0104EPSS
cve
cve
added 2018/01/10 5:0 p.m.48 views

CVE-2017-1459

CVE-2017-1459 affects IBM Security Access Manager Appliance (Web: 8.0.x, 8.0.x.x mobile; Web/Mobile 8.0–8.0.1.6; overall 9.0–9.0.3.1). The root cause is misconfigured permissions on a security-critical resource that allows read/modify by unintended actors. IBM’s security bulletin recommends upgra...

4.9CVSS4.1AI score0.00576EPSS
cve
cve
added 2014/12/18 4:0 p.m.47 views

CVE-2014-6087

CVE-2014-6087 affects IBM Security Access Manager for Mobile and Web. The issue arises from weak SSL cipher suite usage that allows remote attackers to obtain sensitive information by sniffing traffic. Affected: IBM Security Access Manager for Mobile 8.0.x before 8.0.1; IBM Security Access Manage...

5CVSS6.2AI score0.01369EPSS
cve
cve
added 2017/02/07 4:0 p.m.47 views

CVE-2016-3020

Summary of CVE-2016-3020 (IBM Security Access Manager) : IBM Security Access Manager for Web versions 7.0, 8.0, and 9.0 appliances could allow a remote attacker to bypass security restrictions due to improper content validation. By persuading a user to open specially crafted content, an attacker ...

5.5CVSS5.4AI score0.01247EPSS
cve
cve
added 2018/04/23 1:0 p.m.47 views

CVE-2017-1473

CVE-2017-1473 affects IBM Security Access Manager Appliance: versions 8.0.0–8.0.1.6 and 9.0.0–9.0.3.1 use weaker cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM’s advisory (IBM Security Access Manager Appliance) lists remediation: upgrade to 8.0....

7.5CVSS7.2AI score0.00868EPSS
cve
cve
added 2014/12/18 4:0 p.m.46 views

CVE-2014-6077

CVE-2014-6077 is a CSRF vulnerability affecting IBM Security Access Manager for Mobile 8.0.x up to 8.0.0.5 and IBM Security Access Manager for Web 7.x up to FP10 (7.0.0.x) and 8.x up to 8.0.1. The issue allows an attacker to hijack the authentication of an arbitrary user via requests that insert ...

6.8CVSS6.6AI score0.00633EPSS
cve
cve
added 2017/02/01 8:0 p.m.46 views

CVE-2016-3043

CVE-2016-3043 corresponds to an information disclosure vulnerability in IBM Security Access Manager for Web (and related ISAM lines) caused by failure to properly enable HTTP Strict Transport Security. A remote attacker could obtain sensitive information via man-in-the-middle techniques. Affected...

5.9CVSS5.4AI score0.01227EPSS
cve
cve
added 2017/02/01 8:0 p.m.46 views

CVE-2016-3046

CVE-2016-3046 affects IBM Security Access Manager family (notably Web 8.0 appliances, Mobile 8.0 appliances, and ISAM 9.0 appliances). The vulnerability is an SQL injection in IBM Security Access Manager for Web, enabling a remote attacker to submit crafted SQL statements and view backend data. I...

4CVSS4.4AI score0.00911EPSS
cve
cve
added 2014/12/18 4:0 p.m.45 views

CVE-2014-6084

CVE-2014-6084 affects IBM Security Access Manager for Mobile (8.0 line) and IBM Security Access Manager for Web (7.x before 7.0.0 FP10 and 8.x before 8.0.1). Root cause: use of weak SSL ciphers enables information disclosure via network sniffing. Impact: partial confidentiality loss of transmitte...

5CVSS6.2AI score0.01369EPSS
cve
cve
added 2014/12/18 4:0 p.m.45 views

CVE-2014-6089

CVE-2014-6089 affects IBM Security Access Manager for Mobile 8.0.x (before 8.0.1) and IBM Security Access Manager for Web 7.x (before 7.0.0 FP10) and 8.x (before 8.0.1). A remote authenticated user can upload a file to a protected area, causing a denial of service. IBM provides patches: Web 7.0.x...

4CVSS6.3AI score0.01254EPSS
cve
cve
added 2014/12/18 4:0 p.m.43 views

CVE-2014-6076

CVE-2014-6076 is a clickjacking vulnerability in IBM Security Access Manager for Mobile (8.x before 8.0.1) and IBM Security Access Manager for Web (7.x before 7.0.0 FP10 and 8.x before 8.0.1). Remote attackers can lure a user to load a crafted site to hijack clicking actions. IBM’s bulletin lists...

4.3CVSS6.7AI score0.00956EPSS
cve
cve
added 2014/12/18 4:0 p.m.43 views

CVE-2014-6083

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10, and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by sniffing unencrypted HTTP sessions. Affects Mobile 8.0 lineage and Web 7.x/8.x; CVSS base score ...

5CVSS6.3AI score0.01369EPSS
cve
cve
added 2017/02/16 8:0 p.m.43 views

CVE-2016-5919

IBM Security Access Manager for Web versions 7.0 (appliance), 8.0, and 9.0 are affected by CVE-2016-5919 due to weaker-than-expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM provides patches and upgrade paths: for Web 7.0, apply Interim Fi...

7.5CVSS7.3AI score0.00685EPSS
cve
cve
added 2014/08/12 1:0 a.m.42 views

CVE-2014-4751

IBM Security Access Manager for Mobile versions 8.0.0.0, 8.0.0.1, and 8.0.0.3 are affected by CVE-2014-4751 (XSS). The vulnerability enables remote attackers to inject arbitrary web script or HTML via a crafted URL. Exploitation details are not provided in the connected documents beyond this desc...

4.3CVSS5.7AI score0.01773EPSS
cve
cve
added 2014/12/18 4:0 p.m.37 views

CVE-2014-6078

IBM Security Access Manager for Mobile (8.0.x) and IBM Security Access Manager for Web (7.x/8.x) are affected by CVE-2014-6078, which enables brute-force login attempts due to no account lockout after invalid logins. The vulnerability is remote, low complexity, and does not require authentication...

5CVSS6.5AI score0.01373EPSS