VYPR

Security Access Manager for Web

by IBM

CVEs (16)

  • CVE-2014-6089Dec 18, 2014
    IBM
    Security Access Manager For Mobile
    risk 0.00cvss epss 0.01

    IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (disrupted system operations) by uploading a file to a protected area.

  • CVE-2014-6088Dec 18, 2014
    IBM
    Security Access Manager For Mobile
    risk 0.00cvss epss 0.01

    IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive information by sniffing the network during use of the null SSL cipher.

  • CVE-2014-6087Dec 18, 2014
    IBM
    Security Access Manager For Mobile
    risk 0.00cvss epss 0.01

    IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive information by sniffing the network during use of a weak algorithm in an SSL cipher…

  • CVE-2014-6086Dec 18, 2014
    IBM
    Security Access Manager For Mobile
    risk 0.00cvss epss 0.01

    IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers to obtain sensitive information by sniffing the network during an HTTP session.

  • CVE-2014-6084Dec 18, 2014
    IBM
    Security Access Manager For Mobile
    risk 0.00cvss epss 0.01

    IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive information by sniffing the network during use of a weak SSL cipher.

  • CVE-2014-6083Dec 18, 2014
    IBM
    Security Access Manager For Mobile
    risk 0.00cvss epss 0.01

    IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.

  • CVE-2014-6082Dec 18, 2014
    IBM
    Security Access Manager For Mobile
    risk 0.00cvss epss 0.01

    IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (administration UI outage) via unspecified vectors.

  • CVE-2014-6078Dec 18, 2014
    IBM
    Security Access Manager For Mobile
    risk 0.00cvss epss 0.01

    IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force…

  • CVE-2014-6077Dec 18, 2014
    IBM
    Security Access Manager For Mobile
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that…

  • CVE-2014-6076Dec 18, 2014
    IBM
    Security Access Manager For Mobile
    risk 0.00cvss epss 0.01

    IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site.

  • CVE-2014-6079Oct 3, 2014
    IBM
    Security Access Manager For Mobile
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers…

  • CVE-2014-4823Oct 3, 2014
    IBM
    Security Access Manager For Mobile
    risk 0.00cvss epss 0.03

    The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified…

  • CVE-2014-3073Jun 21, 2014
    IBM
    Security Access Manager for Web
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2014-3053Jun 21, 2014
    IBM
    Security Access Manager for Web
    risk 0.00cvss epss 0.01

    The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login…

  • CVE-2014-3052Jun 21, 2014
    IBM
    Security Access Manager For Web 8.0 Firmware
    risk 0.00cvss epss 0.00

    The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by…

  • CVE-2014-0963May 8, 2014
    IBM
    Global Security Kit
    risk 0.00cvss epss 0.03

    The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages.