VYPR

Security Access Manager For Web 8.0 Firmware

by IBM

CVEs (102)

  • CVE-2017-1489 | Med | Aug 29, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.

  • CVE-2016-3018 | Med | Feb 1, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.

  • CVE-2015-8531 | Med | Feb 15, 2016
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2017-1476 | Med | Jun 6, 2018
    risk 0.39 | cvss 5.9 | epss 0.02

    IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to…

  • CVE-2018-1443 | Med | Mar 8, 2018
    risk 0.38 | cvss 5.9 | epss 0.00

    An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2). This vulnerability can allow an attacker with authenticated access to trick SAML systems into…

  • CVE-2016-3043 | Med | Feb 1, 2017
    risk 0.38 | cvss 5.9 | epss 0.01

    IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…

  • CVE-2015-5013 | Med | Feb 8, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access.

  • CVE-2016-3020 | Med | Feb 7, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass…

  • CVE-2017-1474 | Med | Jun 6, 2018
    risk 0.35 | cvss 5.3 | epss 0.02

    IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606.

  • CVE-2016-3023 | Med | Feb 1, 2017
    risk 0.35 | cvss 5.3 | epss 0.01

    IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names.

  • CVE-2016-3016 | Med | Feb 1, 2017
    risk 0.29 | cvss 4.4 | epss 0.00

    IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code.

  • CVE-2017-1480 | Med | Jun 6, 2018
    risk 0.28 | cvss 4.3 | epss 0.02

    IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.

  • CVE-2016-3051 | Med | Jun 7, 2017
    risk 0.28 | cvss 4.3 | epss 0.01

    IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714.

  • CVE-2017-1459 | Med | Jan 10, 2018
    risk 0.27 | cvss 4.2 | epss 0.01

    IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378.

  • CVE-2016-3024 | Med | Feb 1, 2017
    risk 0.26 | cvss 4.0 | epss 0.00

    IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system.

  • CVE-2016-3045 | Low | Feb 1, 2017
    risk 0.24 | cvss 3.7 | epss 0.01

    IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history.

  • CVE-2017-1478 | Low | Jan 11, 2018
    risk 0.21 | cvss 3.3 | epss 0.00

    IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613.

  • CVE-2016-3046 | Low | Feb 1, 2017
    risk 0.18 | cvss 2.7 | epss 0.01

    IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database.

  • CVE-2016-3021 | Low | Feb 1, 2017
    risk 0.18 | cvss 2.7 | epss 0.01

    IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from an error message using a specially crafted HTTP request.

  • CVE-2024-35139 | Jun 28, 2024
    risk 0.00 | cvss | epss 0.00

    IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415.

Page 2 of 6