IBM Security Access Manager 9.0.0

CPE Details

IBM Security Access Manager 9.0.0
ibm
security_access_manager
9.0.0
2016-11-29
17h36 +00:00
2016-11-29
17h36 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:ibm:security_access_manager:9.0.0:*:*:*:*:*:*:*

Informations

Vendor

ibm

Product

security_access_manager

Version

9.0.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2020-4461 2020-05-20 12h35 +00:00 IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481.
6.5
Moyen
CVE-2019-4036 2019-10-25 16h30 +00:00 IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.
7.5
Haute
CVE-2017-1474 2018-06-06 17h00 +00:00 IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606.
5.3
Moyen
CVE-2017-1476 2018-06-06 17h00 +00:00 IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610.
5.9
Moyen
CVE-2017-1480 2018-06-06 17h00 +00:00 IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.
4.3
Moyen
CVE-2018-1443 2018-03-08 16h00 +00:00 An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754.
5.9
Moyen
CVE-2016-3018 2017-02-01 19h00 +00:00 IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
6.1
Moyen
CVE-2016-3045 2017-02-01 19h00 +00:00 IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history.
3.7
Bas
CVE-2016-3025 2016-11-25 02h38 +00:00 IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.
8.1
Haute
CVE-2016-3028 2016-11-25 02h38 +00:00 IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.
9.1
Critique