Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Ibm Subscribe
Filtered by product Security Access Manager For Web

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1474 1 Ibm 3 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606.
CVE-2017-1476 1 Ibm 3 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web 2019-10-09 4.3 MEDIUM 5.9 MEDIUM
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610.
CVE-2017-1480 1 Ibm 3 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web 2019-10-09 4.0 MEDIUM 4.3 MEDIUM
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.
CVE-2017-1489 1 Ibm 6 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web and 3 more 2017-09-09 5.8 MEDIUM 6.1 MEDIUM
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.
CVE-2016-3018 1 Ibm 3 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web 2017-03-02 4.3 MEDIUM 6.1 MEDIUM
IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.