IBM Security Access Manager
29 CVEs affecting IBM Security Access Manager. Latest disclosed: 2021-07-15. Critical: 0, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-1453 | High | 8.8 | 2017-11-13 | IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-cra… |
| CVE-2017-1477 | High | 8.1 | 2017-11-13 | IBM Security Access Manager Appliance 9.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exp… |
| CVE-2019-4145 | High | 7.7 | 2019-06-25 | IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive information in specialized conditions to a local user which could be used in further attacks… |
| CVE-2021-20439 | High | 7.5 | 2021-07-15 | IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized u… |
| CVE-2019-4036 | High | 7.5 | 2019-10-25 | IBM Security Access Manager Appliance could allow an unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159. |
| CVE-2019-4135 | High | 7.5 | 2019-06-25 | IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-… |
| CVE-2020-4499 | High | 7.3 | 2020-10-15 | IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public OAuth client to bypass some or all of the authentica… |
| CVE-2019-4153 | Medium | 6.8 | 2019-06-25 | IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victi… |
| CVE-2016-3019 | Medium | 6.5 | 2017-06-07 | IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive informati… |
| CVE-2019-4552 | Medium | 6.1 | 2020-10-15 | IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this… |
| CVE-2019-4157 | Medium | 6.1 | 2019-06-25 | IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in th… |
| CVE-2019-4156 | Medium | 5.9 | 2019-06-25 | IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive inf… |
| CVE-2019-4151 | Medium | 5.9 | 2019-06-25 | IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive inf… |
| CVE-2017-1476 | Medium | 5.9 | 2018-06-06 | IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, ca… |
| CVE-2018-1443 | Medium | 5.9 | 2018-03-08 | An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity M… |
| CVE-2019-4158 | Medium | 5.4 | 2019-06-25 | IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality t… |
| CVE-2020-4699 | Medium | 5.3 | 2020-10-12 | IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks which cou… |
| CVE-2020-4661 | Medium | 5.3 | 2020-10-12 | IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks which cou… |
| CVE-2020-4660 | Medium | 5.3 | 2020-10-12 | IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks which cou… |
| CVE-2017-1474 | Medium | 5.3 | 2018-06-06 | IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The inform… |