Security Access Manager Security Vulnerabilities and Issues — Security Access Manager CVE List

Lucene search

IbmSecurity Access Manager

12 matches found

CVE•added 2019/06/25 4:15 p.m.•102 views

CVE-2019-4145

IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400.

7.7CVSS6.9AI score0.00045EPSS

CVE•added 2019/10/25 5:15 p.m.•101 views

CVE-2019-4036

IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.

7.5CVSS7.2AI score0.00529EPSS

CVE•added 2024/06/27 7:15 p.m.•59 views

CVE-2023-38370

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197.

7.5CVSS6.8AI score0.00074EPSS

CVE•added 2024/06/27 6:15 p.m.•56 views

CVE-2023-38371

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 261198.

7.5CVSS6.3AI score0.00047EPSS

CVE•added 2024/06/27 7:15 p.m.•52 views

CVE-2023-30997

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638.

7.8CVSS7.4AI score0.00023EPSS

CVE•added 2024/06/27 7:15 p.m.•50 views

CVE-2023-30998

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649.

7.8CVSS7.4AI score0.00023EPSS

CVE•added 2018/12/13 4:29 p.m.•46 views

CVE-2018-1814

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018.

7.5CVSS7.6AI score0.00112EPSS

CVE•added 2021/07/15 4:15 p.m.•44 views

CVE-2021-20439

IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.

7.5CVSS7.3AI score0.00205EPSS

CVE•added 2018/04/23 1:29 p.m.•36 views

CVE-2017-1473

IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605.

7.5CVSS7.2AI score0.00112EPSS

CVE•added 2019/02/04 9:29 p.m.•36 views

CVE-2018-1970

IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751.

7.1CVSS7AI score0.00359EPSS

CVE•added 2020/01/28 7:15 p.m.•36 views

CVE-2019-4707

IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018.

7.1CVSS6.8AI score0.00604EPSS

CVE•added 2018/12/13 4:29 p.m.•33 views

CVE-2018-1887

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Forc...

7.8CVSS8AI score0.00016EPSS