Security Access Manager For Mobile 8.0 Firmware
by IBM
CVEs (10)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-7169 | Cri | 0.86 | 9.8 | 0.89 | KEV | Sep 25, 2014 | GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. |
| CVE-2014-6271 | Cri | 0.86 | 9.8 | 0.94 | KEV | Sep 24, 2014 | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. |
| CVE-2016-3029 | Hig | 0.57 | 8.8 | 0.00 | | Feb 1, 2017 | IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. |
| CVE-2016-3027 | Med | 0.42 | 6.5 | 0.01 | | Feb 1, 2017 | IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. |
| CVE-2016-3022 | Med | 0.42 | 6.5 | 0.00 | | Feb 1, 2017 | IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions. |
| CVE-2016-3023 | Med | 0.34 | 5.3 | 0.00 | | Feb 1, 2017 | IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names. |
| CVE-2016-3024 | Med | 0.26 | 4.0 | 0.00 | | Feb 1, 2017 | IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system. |
| CVE-2016-3021 | Low | 0.18 | 2.7 | 0.00 | | Feb 1, 2017 | IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request. |
| CVE-2014-4823 | | 0.01 | — | 0.06 | | Oct 3, 2014 | The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors. |
| CVE-2014-6079 | | 0.00 | — | 0.00 | | Oct 3, 2014 | Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |