20 matches found
CVE-2013-6329
CVE-2013-6329 involves IBM GSKit and causes remote denial of service via a crafted SSLv2 session resumption handshake. Public details in connected IBM bulletins indicate GSKit issues affect multiple IBM products (Content Manager OnDemand 8.5/9.0; Tivoli Directory Server; IBM HTTP Server; WebSpher...
CVE-2017-1474
CVE-2017-1474 affects IBM Security Access Manager family. The IBM advisory lists affected versions: IBM Security Access Manager for Web 7.0–7.0.0.33, 8.0–8.0.1.6; IBM Security Access Manager for Mobile 8.0–8.0.1.6; IBM Security Access Manager Appliance 9.0–9.0.3.1; IBM Tivoli Access Manager for e...
CVE-2016-3045
CVE-2016-3045 affects IBM Security Access Manager for Web (ISAM) family. The issue is that ISAM stores sensitive information in URL parameters, creating potential information disclosure if URLs are exposed via server logs, Referer headers, or browser history. Affected products include ISAM for We...
CVE-2017-1489
CVE-2017-1489 affects IBM Security Access Manager (ISM) across multiple releases, specifically e-community configurations in ISM versions 6.1, 7.0, 8.0, and 9.0. The root issue is a redirect vulnerability where ECSSO Master Authentication can redirect to a server not participating in the e-commun...
CVE-2017-1480
CVE-2017-1480 affects IBM Security Access Manager Appliance: Web 8.0–8.0.1.6, Mobile 8.0–8.0.1.6, and ISAM 9.0–9.0.3.1. The issue is an information exposure where potentially sensitive data stored in log files could be read by a remote user. CVSS v3 base score is 4.3 (MEDIUM). Remediation provide...
CVE-2014-6086
IBM Security Access Manager for Mobile 8.x (before 8.0.1) and IBM Security Access Manager for Web (7.x before 7.0.0 FP10, and 8.x before 8.0.1) fail to enforce HTTPS, enabling remote attackers to sniff HTTP sessions and obtain sensitive information. This vulnerability is documented as CVE-2014-60...
CVE-2014-6088
IBM Security Access Manager for Mobile 8.x before 8.0.1 and IBM Security Access Manager for Web 7.x before 7.0.0 FP10, and 8.x before 8.0.1 are affected by an information disclosure vulnerability where an SSL client using a null cipher can lead to cleartext data exposure. This is a remote network...
CVE-2016-3018
CVE-2016-3018 affects IBM Security Access Manager family. IBM’s Security Bulletin confirms cross-site scripting in IBM Security Access Manager for Web (and related appliances) that could allow an attacker to inject JavaScript into the Web UI, potentially leading to credential disclosure within a ...
CVE-2014-6082
CVE-2014-6082 affects IBM Security Access Manager for Mobile (8.x, before 8.0.1) and IBM Security Access Manager for Web (7.x before 7.0.0 FP10, and 8.x before 8.0.1). A remote authenticated user can cause an administration UI outage (denial of service) via unspecified vectors. IBM lists remediat...
CVE-2015-4963
IBM Security Access Manager for Web is affected by CVE-2015-4963 due to mishandling of WebSEAL HTTPTransformation requests, allowing remote attackers to read/write arbitrary files. Affected versions include SAM for Web 7.x all releases prior to 7.0.0.16 and 8.x prior to 8.0.1.3. Remediation is av...
CVE-2017-1476
CVE-2017-1476 affects IBM Security Access Manager family. An information disclosure vulnerability arises from failure to properly enable HTTP Strict Transport Security (HSTS), enabling a remote attacker to obtain sensitive information via MITM. Affected products and versions include IBM Security ...
CVE-2014-6080
IBM Security Access Manager for Mobile 8.x and IBM Security Access Manager for Web 7.x/8.x are affected by CVE-2014-6080, an SQL injection vulnerability exploitable by remote authenticated attackers via unspecified vectors. The IBM security bulletin describes that an attacker could view, add, mod...
CVE-2014-6087
CVE-2014-6087 affects IBM Security Access Manager for Mobile and Web. The issue arises from weak SSL cipher suite usage that allows remote attackers to obtain sensitive information by sniffing traffic. Affected: IBM Security Access Manager for Mobile 8.0.x before 8.0.1; IBM Security Access Manage...
CVE-2014-6077
CVE-2014-6077 is a CSRF vulnerability affecting IBM Security Access Manager for Mobile 8.0.x up to 8.0.0.5 and IBM Security Access Manager for Web 7.x up to FP10 (7.0.0.x) and 8.x up to 8.0.1. The issue allows an attacker to hijack the authentication of an arbitrary user via requests that insert ...
CVE-2014-6084
CVE-2014-6084 affects IBM Security Access Manager for Mobile (8.0 line) and IBM Security Access Manager for Web (7.x before 7.0.0 FP10 and 8.x before 8.0.1). Root cause: use of weak SSL ciphers enables information disclosure via network sniffing. Impact: partial confidentiality loss of transmitte...
CVE-2014-6089
CVE-2014-6089 affects IBM Security Access Manager for Mobile 8.0.x (before 8.0.1) and IBM Security Access Manager for Web 7.x (before 7.0.0 FP10) and 8.x (before 8.0.1). A remote authenticated user can upload a file to a protected area, causing a denial of service. IBM provides patches: Web 7.0.x...
CVE-2014-6076
CVE-2014-6076 is a clickjacking vulnerability in IBM Security Access Manager for Mobile (8.x before 8.0.1) and IBM Security Access Manager for Web (7.x before 7.0.0 FP10 and 8.x before 8.0.1). Remote attackers can lure a user to load a crafted site to hijack clicking actions. IBM’s bulletin lists...
CVE-2014-6083
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10, and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by sniffing unencrypted HTTP sessions. Affects Mobile 8.0 lineage and Web 7.x/8.x; CVSS base score ...
CVE-2016-3028
CVE-2016-3028 affects IBM Security Access Manager products: ISAM for Web 7.0 before IF2, ISAM for Web 8.0 before 8.0.1.4 IF3, and ISAM 9.0 before 9.0.1.0 IF5, plus IBM Security Access Manager for Mobile 8.0 and 9.0. The flaw allows a remote authenticated attacker with admin access to the LMI to e...
CVE-2014-6078
IBM Security Access Manager for Mobile (8.0.x) and IBM Security Access Manager for Web (7.x/8.x) are affected by CVE-2014-6078, which enables brute-force login attempts due to no account lockout after invalid logins. The vulnerability is remote, low complexity, and does not require authentication...