The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner,. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
IBM
Information Disclosure
Security Access Manager For Web 8 0 Firmware
Security Access Manager For Web Appliance
NVD
CVSS 2.0
3.3
EPSS
0.1%