Ibm Security_access_manager_for_mobile
21 CVEs affecting Ibm Security_access_manager_for_mobile. Latest disclosed: 2017-08-29. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-3025 | High | 8.1 | 2016-11-25 | IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts… |
CVE-2016-5919 | High | 7.5 | 2017-02-16 | IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly s… |
CVE-2017-1489 | Medium | 6.1 | 2017-08-29 | IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redi… |
CVE-2016-3018 | Medium | 6.1 | 2017-02-01 | IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thu… |
CVE-2016-3043 | Medium | 5.9 | 2017-02-01 | IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transpo… |
CVE-2015-5013 | Medium | 5.5 | 2017-02-08 | The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access. |
CVE-2016-3020 | Medium | 5.5 | 2017-02-07 | IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validatio… |
CVE-2016-3045 | Low | 3.7 | 2017-02-01 | IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access… |
CVE-2016-3046 | Low | 2.7 | 2017-02-01 | IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacke… |
CVE-2014-6089 | | 2014-12-18 | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticat… | |
CVE-2014-6088 | | 2014-12-18 | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers t… | |
CVE-2014-6087 | | 2014-12-18 | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remot… | |
CVE-2014-6086 | | 2014-12-18 | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS… | |
CVE-2014-6084 | | 2014-12-18 | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remot… | |
CVE-2014-6083 | | 2014-12-18 | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers t… | |
CVE-2014-6082 | | 2014-12-18 | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticat… | |
CVE-2014-6080 | | 2014-12-18 | SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before… | |
CVE-2014-6078 | | 2014-12-18 | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout pe… | |
CVE-2014-6077 | | 2014-12-18 | Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0… | |
CVE-2014-6076 | | 2014-12-18 | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers t… |