Skip to main content

Security Access Manager For Web

17 CVEs product

Monthly

CVE-2017-1489 MEDIUM This Month

IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect IBM Tivoli Access Manager For E Business Security Access Manager For Web Software Security Access Manager For Web Appliance +3
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-3045 LOW PATCH Monitor

IBM Security Access Manager for Web stores sensitive information in URL parameters. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Access Manager Security Access Manager For Mobile Security Access Manager For Web
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2016-3018 MEDIUM This Month

IBM Security Access Manager for Web is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Security Access Manager Security Access Manager For Mobile Security Access Manager For Web
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-3028 CRITICAL Act Now

IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Security Access Manager Security Access Manager For Web
NVD
CVSS 3.0
9.1
EPSS
0.6%
CVE-2015-4963 HIGH This Week

IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Web
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-6089 MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Security Access Manager For Web Security Access Manager For Mobile
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-6088 MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Web Security Access Manager For Mobile
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-6087 MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Web Security Access Manager For Mobile
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-6086 MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Mobile Security Access Manager For Web
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-6084 MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Mobile Security Access Manager For Web
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-6083 MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Web Security Access Manager For Mobile
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-6082 MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Security Access Manager For Web Security Access Manager For Mobile
NVD
CVSS 2.0
4.0
EPSS
0.8%
CVE-2014-6080 MEDIUM This Month

SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Security Access Manager For Mobile Security Access Manager For Web
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-6078 MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Access Manager For Mobile Security Access Manager For Web
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-6077 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS CSRF Security Access Manager For Web Security Access Manager For Mobile
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-6076 MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Access Manager For Mobile Security Access Manager For Web
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-6329 HIGH PATCH This Week

IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8.5 and 9.0 and other products, allows remote attackers to cause a denial of service via a crafted handshake during resumption. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Content Manager Ondemand For Multiplatforms Global Security Kit Security Access Manager For Web
NVD
CVSS 2.0
7.8
EPSS
2.4%
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect IBM Tivoli Access Manager For E Business +5
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

IBM Security Access Manager for Web stores sensitive information in URL parameters. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Access Manager +2
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Security Access Manager for Web is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Security Access Manager +2
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Security Access Manager +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Web
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Security Access Manager For Web +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Web +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Web +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Mobile +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Mobile +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Access Manager For Web +1
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Security Access Manager For Web +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Security Access Manager For Mobile +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Access Manager For Mobile +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS CSRF +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Access Manager For Mobile +1
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8.5 and 9.0 and other products, allows remote attackers to cause a denial of service via a crafted handshake during resumption. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Content Manager Ondemand For Multiplatforms +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy