Security Access Manager@9.0.2.0 Security Vulnerabilities and Issues — Security Access Manager@9.0.2.0 CVE List

Lucene search

IbmSecurity Access Manager9.0.2.0

11 matches found

CVE•added 2018/01/10 5:29 p.m.•51 views

CVE-2017-1534

IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a u...

6.1CVSS5.8AI score0.00291EPSS

CVE•added 2018/06/06 5:29 p.m.•48 views

CVE-2017-1474

IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606.

5.3CVSS4.8AI score0.00191EPSS

CVE•added 2017/08/29 1:35 a.m.•46 views

CVE-2017-1489

IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.

6.1CVSS6AI score0.0021EPSS

CVE•added 2018/03/08 4:29 p.m.•45 views

CVE-2018-1443

An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a diffe...

5.9CVSS5.4AI score0.00061EPSS

CVE•added 2018/06/06 5:29 p.m.•41 views

CVE-2017-1480

IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.

4.3CVSS4.2AI score0.00128EPSS

CVE•added 2017/06/07 5:29 p.m.•37 views

CVE-2016-3051

IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714.

4.3CVSS4.3AI score0.00243EPSS

CVE•added 2018/01/11 5:29 p.m.•37 views

CVE-2017-1478

IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613.

3.3CVSS3.4AI score0.00089EPSS

CVE•added 2018/01/10 5:29 p.m.•36 views

CVE-2017-1459

IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378.

4.9CVSS4.1AI score0.00102EPSS

CVE•added 2018/04/23 1:29 p.m.•36 views

CVE-2017-1473

IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605.

7.5CVSS7.2AI score0.00112EPSS

CVE•added 2018/06/06 5:29 p.m.•36 views

CVE-2017-1476

IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive info...

5.9CVSS5.3AI score0.00263EPSS

CVE•added 2017/06/07 5:29 p.m.•35 views

CVE-2016-3019

IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462.

6.5CVSS6.2AI score0.0013EPSS