Security Access Manager Security Vulnerabilities and Issues — Security Access Manager CVE List

Lucene search

IbmSecurity Access Manager

14 matches found

CVE•added 2019/06/25 4:15 p.m.•132 views

CVE-2019-4152

IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.

5.1CVSS4.6AI score0.00042EPSS

CVE•added 2019/06/25 4:15 p.m.•122 views

CVE-2019-4156

IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572.

5.9CVSS6.2AI score0.00112EPSS

CVE•added 2019/06/25 4:15 p.m.•102 views

CVE-2019-4151

IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512.

5.9CVSS6.2AI score0.00112EPSS

CVE•added 2019/06/25 4:15 p.m.•96 views

CVE-2019-4158

IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.

5.5CVSS6.1AI score0.00089EPSS

CVE•added 2024/06/27 7:15 p.m.•51 views

CVE-2023-38368

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: 261195.

5.5CVSS5.3AI score0.0002EPSS

CVE•added 2018/06/06 5:29 p.m.•48 views

CVE-2017-1474

IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606.

5.3CVSS4.8AI score0.00191EPSS

CVE•added 2018/03/08 4:29 p.m.•45 views

CVE-2018-1443

An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a diffe...

5.9CVSS5.4AI score0.00061EPSS

CVE•added 2020/10/12 1:15 p.m.•44 views

CVE-2020-4661

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142.

5.3CVSS4.9AI score0.00107EPSS

CVE•added 2018/12/13 4:29 p.m.•41 views

CVE-2018-1740

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within...

5.4CVSS5.3AI score0.00158EPSS

CVE•added 2018/12/13 4:29 p.m.•40 views

CVE-2018-1653

5.4CVSS5.6AI score0.00161EPSS

CVE•added 2018/12/13 4:29 p.m.•37 views

CVE-2018-1886

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 152021.

5.3CVSS5.7AI score0.0014EPSS

CVE•added 2018/06/06 5:29 p.m.•36 views

CVE-2017-1476

IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive info...

5.9CVSS5.3AI score0.00263EPSS

CVE•added 2020/10/12 1:15 p.m.•31 views

CVE-2020-4660

5.3CVSS4.9AI score0.00123EPSS

CVE•added 2020/10/12 1:15 p.m.•29 views

CVE-2020-4699

5.3CVSS4.9AI score0.00107EPSS