Ibm Security_access_manager_9.0_firmware
22 CVEs affecting Ibm Security_access_manager_9.0_firmware. Latest disclosed: 2017-11-13. Critical: 1, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-2908 | Critical | 9.1 | 2017-02-01 | IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML d… |
CVE-2017-1453 | High | 8.8 | 2017-11-13 | IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-cra… |
CVE-2016-3029 | High | 8.8 | 2017-02-01 | IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions tra… |
CVE-2017-1477 | High | 8.1 | 2017-11-13 | IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exp… |
CVE-2015-5018 | High | 8.0 | 2016-01-02 | IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticat… |
CVE-2016-5919 | High | 7.5 | 2017-02-16 | IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly s… |
CVE-2016-3017 | High | 7.5 | 2017-02-01 | IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations. |
CVE-2015-5012 | High | 7.5 | 2016-02-15 | The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not pro… |
CVE-2015-5010 | High | 7.5 | 2016-02-15 | IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lockout mechanism for invalid log… |
CVE-2016-3019 | Medium | 6.5 | 2017-06-07 | IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive informati… |
CVE-2016-3027 | Medium | 6.5 | 2017-02-01 | IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A re… |
CVE-2016-3022 | Medium | 6.5 | 2017-02-01 | IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions. |
CVE-2015-8531 | Medium | 6.1 | 2016-02-15 | Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to in… |
CVE-2016-3043 | Medium | 5.9 | 2017-02-01 | IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transpo… |
CVE-2015-5013 | Medium | 5.5 | 2017-02-08 | The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access. |
CVE-2016-3020 | Medium | 5.5 | 2017-02-07 | IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validatio… |
CVE-2016-3023 | Medium | 5.3 | 2017-02-01 | IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names. |
CVE-2016-3016 | Medium | 4.4 | 2017-02-01 | IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, whi… |
CVE-2016-3051 | Medium | 4.3 | 2017-06-07 | IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714. |
CVE-2016-3024 | Medium | 4.0 | 2017-02-01 | IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system. |