Security Access Manager@* Security Vulnerabilities and Issues — Security Access Manager@* CVE List

Lucene search

IbmSecurity Access Manager*

11 matches found

CVE•added 2019/06/25 4:15 p.m.•144 views

CVE-2019-4153

IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to...

6.8CVSS6.7AI score0.00096EPSS

CVE•added 2019/06/25 4:15 p.m.•136 views

CVE-2019-4135

IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331.

8.8CVSS8.4AI score0.0063EPSS

CVE•added 2019/06/25 4:15 p.m.•132 views

CVE-2019-4152

IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.

5.1CVSS4.6AI score0.00042EPSS

CVE•added 2019/06/25 4:15 p.m.•122 views

CVE-2019-4156

IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572.

5.9CVSS6.2AI score0.00112EPSS

CVE•added 2019/06/25 4:15 p.m.•102 views

CVE-2019-4145

IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400.

7.7CVSS6.9AI score0.00045EPSS

CVE•added 2019/06/25 4:15 p.m.•102 views

CVE-2019-4151

IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512.

5.9CVSS6.2AI score0.00112EPSS

CVE•added 2019/10/25 5:15 p.m.•101 views

CVE-2019-4036

IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.

7.5CVSS7.2AI score0.00529EPSS

CVE•added 2019/06/25 4:15 p.m.•97 views

CVE-2019-4150

IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510.

4.3CVSS5AI score0.00075EPSS

CVE•added 2019/06/25 4:15 p.m.•96 views

CVE-2019-4158

IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.

5.5CVSS6.1AI score0.00089EPSS

CVE•added 2019/06/25 4:15 p.m.•95 views

CVE-2019-4157

IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 15...

6.1CVSS6AI score0.00218EPSS

CVE•added 2019/02/04 9:29 p.m.•36 views

CVE-2018-1970

IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751.

7.1CVSS7AI score0.00359EPSS