IBM Security Access Manager For Web 7.0 Firmware 7.0.0.18

CPE Details

IBM Security Access Manager For Web 7.0 Firmware 7.0.0.18
ibm
security_access_manager_for_web_7.0_firmware
7.0.0.18
2016-03-07
18h10 +00:00
2021-06-09
14h56 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.18:*:*:*:*:*:*:*

Informations

Vendor

ibm

Product

security_access_manager_for_web_7.0_firmware

Version

7.0.0.18

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2016-5919 2017-02-16 19h00 +00:00 IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868.
7.5
High
CVE-2016-3020 2017-02-07 15h00 +00:00 IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content.
5.5
Medium
CVE-2016-3043 2017-02-01 19h00 +00:00 IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
5.9
Medium
CVE-2015-5010 2016-02-15 01h00 +00:00 IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
7.5
High
CVE-2015-5012 2016-02-15 01h00 +00:00 The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
7.5
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.