IBM Security Access Manager For Web 7.0 Firmware 7.0.0.13

CPE Details

IBM Security Access Manager For Web 7.0 Firmware 7.0.0.13
ibm
security_access_manager_for_web_7.0_firmware
7.0.0.13
2016-01-06
18h19 +00:00
2016-01-06
18h19 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.13:*:*:*:*:*:*:*

Informations

Vendor

ibm

Product

security_access_manager_for_web_7.0_firmware

Version

7.0.0.13

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2016-5919 2017-02-16 19h00 +00:00 IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868.
7.5
Haute
CVE-2016-3020 2017-02-07 15h00 +00:00 IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content.
5.5
Moyen
CVE-2016-3016 2017-02-01 19h00 +00:00 IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code.
4.4
Moyen
CVE-2016-3017 2017-02-01 19h00 +00:00 IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations.
7.5
Haute
CVE-2016-3021 2017-02-01 19h00 +00:00 IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request.
2.7
Bas
CVE-2016-3022 2017-02-01 19h00 +00:00 IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions.
6.5
Moyen
CVE-2016-3023 2017-02-01 19h00 +00:00 IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names.
5.3
Moyen
CVE-2016-3043 2017-02-01 19h00 +00:00 IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
5.9
Moyen
CVE-2015-5010 2016-02-15 01h00 +00:00 IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
7.5
Haute
CVE-2015-5012 2016-02-15 01h00 +00:00 The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
7.5
Haute
CVE-2015-5018 2016-01-02 01h00 +00:00 IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access.
8
Haute