Ibm

Security Access Manager

48 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2019-4156

  • EPSS 0.11%
  • Published 25.06.2019 16:15:10
  • Last modified 21.11.2024 04:43:15

IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572.

6.8

CVE-2019-4153

  • EPSS 0.09%
  • Published 25.06.2019 16:15:10
  • Last modified 21.11.2024 04:43:14

IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability...

4.4

CVE-2019-4152

  • EPSS 0.04%
  • Published 25.06.2019 16:15:10
  • Last modified 21.11.2024 04:43:14

IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.

5.9

CVE-2019-4151

  • EPSS 0.11%
  • Published 25.06.2019 16:15:10
  • Last modified 21.11.2024 04:43:14

IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512.

7.1

CVE-2019-4145

  • EPSS 0.05%
  • Published 25.06.2019 16:15:10
  • Last modified 21.11.2024 04:43:13

IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400.

8.8

CVE-2019-4135

  • EPSS 0.6%
  • Published 25.06.2019 16:15:10
  • Last modified 21.11.2024 04:43:12

IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331.

7.1

CVE-2018-1970

  • EPSS 0.36%
  • Published 04.02.2019 21:29:00
  • Last modified 21.11.2024 04:00:40

IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID...

7.8

CVE-2018-1887

  • EPSS 0.02%
  • Published 13.12.2018 16:29:01
  • Last modified 21.11.2024 04:00:32

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external compo...

5.3

CVE-2018-1886

  • EPSS 0.14%
  • Published 13.12.2018 16:29:01
  • Last modified 21.11.2024 04:00:32

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 152021.

5.4

CVE-2018-1740

  • EPSS 0.16%
  • Published 13.12.2018 16:29:00
  • Last modified 21.11.2024 04:00:17

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot...