Ibm

Security Access Manager 9.0 Firmware

25 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.3

CVE-2017-1478

  • EPSS 0.09%
  • Published 11.01.2018 17:29:00
  • Last modified 21.11.2024 03:21:56

IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613.

6.1

CVE-2017-1533

  • EPSS 0.31%
  • Published 10.01.2018 17:29:00
  • Last modified 21.11.2024 03:22:01

IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

4.9

CVE-2017-1459

  • EPSS 0.1%
  • Published 10.01.2018 17:29:00
  • Last modified 21.11.2024 03:21:54

IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378.

8.1

CVE-2017-1477

  • EPSS 0.58%
  • Published 13.11.2017 23:29:00
  • Last modified 20.04.2025 01:37:25

IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-...

9

CVE-2017-1453

  • EPSS 4.97%
  • Published 13.11.2017 23:29:00
  • Last modified 20.04.2025 01:37:25

IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on...

4.3

CVE-2016-3051

  • EPSS 0.24%
  • Published 07.06.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714.

6.5

CVE-2016-3019

  • EPSS 0.13%
  • Published 07.06.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462.

7.5

CVE-2016-5919

  • EPSS 0.13%
  • Published 16.02.2017 20:59:00
  • Last modified 20.04.2025 01:37:25

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868.

5.5

CVE-2015-5013

  • EPSS 0.11%
  • Published 08.02.2017 19:59:00
  • Last modified 20.04.2025 01:37:25

The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access.

5.5

CVE-2016-3020

  • EPSS 0.12%
  • Published 07.02.2017 16:59:00
  • Last modified 20.04.2025 01:37:25

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this...