Vulnerabilites related to ibm - security_access_manager
Vulnerability from fkie_nvd
Published
2018-06-06 17:29
Modified
2024-11-21 03:21
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012310 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/104501 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128610 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012310 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104501 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128610 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * | |
| ibm | security_access_manager_for_web | * | |
| ibm | security_access_manager_for_web | * | |
| ibm | security_access_manager_for_mobile | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "F51B15B3-FE28-412E-97B5-4CF536074CD2", versionEndIncluding: "9.0.3.1", versionStartIncluding: "9.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*", matchCriteriaId: "A76B6ACA-0778-4513-9EE8-3AC0F4BEE571", versionEndIncluding: "7.0.0.32", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*", matchCriteriaId: "D009088C-AD9E-4C49-944D-05E0714F327D", versionEndIncluding: "8.0.1.6", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*", matchCriteriaId: "AAA90E65-CDC9-416D-B0D8-8A0816DCA4BC", versionEndIncluding: "8.0.1.6", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610.", }, { lang: "es", value: "IBM InfoSphere Information Server 7.0.0, desde la versión 8.0.0 hasta la 8.0.1.6 y desde la 9.0.0 hasta la 9.0.3.1 podría permitir que un atacante remoto obtenga información sensible, provocado por la imposibilidad de habilitar correctamente HTTP Strict Transport Security. Un atacante podría explotar esta vulnerabilidad para obtener información sensible empleando técnicas man-in-the-Middle (MitM). IBM X-Force ID: 128610.", }, ], id: "CVE-2017-1476", lastModified: "2024-11-21T03:21:55.993", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-06T17:29:00.327", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012310", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104501", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128610", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012310", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104501", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128610", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-03-08 16:29
Modified
2024-11-21 03:59
Severity ?
5.9 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
5.9 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
5.9 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * | |
| ibm | tivoli_federated_identity_manager | 6.2.0 | |
| ibm | tivoli_federated_identity_manager | 6.2.1 | |
| ibm | tivoli_federated_identity_manager | 6.2.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "706535A6-BE47-4AFA-BB65-00B72043D1A3", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0:*:*:*:*:*:*:*", matchCriteriaId: "E508843E-DEA8-433D-AFD5-2730D2745E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1:*:*:*:*:*:*:*", matchCriteriaId: "F674F64E-F51F-4F5E-AFCD-952958E66FE2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2:*:*:*:*:*:*:*", matchCriteriaId: "93F48368-9617-4EE6-BF7A-6873229C0D66", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754.", }, { lang: "es", value: "Una vulnerabilidad de análisis sintáctico de XML afecta a los sistemas SSO (Single Sign On) basados en SAML de IBM (IBM Security Access Manager 9.0.0 - 9.0.4 e IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.). Esta vulnerabilidad puede permitir que un atacante con acceso autenticado engañe a los sistemas SAML para que se autentique como un usuario diferente sin conocer la contraseña de usuario de la víctima. IBM X-Force ID: 139754.", }, ], id: "CVE-2018-1443", lastModified: "2024-11-21T03:59:49.887", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 3.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-08T16:29:00.407", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22014160", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22014161", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103365", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040454", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040455", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139754", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22014160", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22014161", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103365", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040454", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040455", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139754", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-01-11 17:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012323 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/102502 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1040172 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128613 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012323 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102502 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040172 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128613 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager_9.0_firmware | 9.0.0 | |
| ibm | security_access_manager_9.0_firmware | 9.0.0.1 | |
| ibm | security_access_manager_9.0_firmware | 9.0.1.0 | |
| ibm | security_access_manager_9.0_firmware | 9.0.2.0 | |
| ibm | security_access_manager_9.0_firmware | 9.0.2.1 | |
| ibm | security_access_manager_9.0_firmware | 9.0.3 | |
| ibm | security_access_manager_9.0_firmware | 9.0.3.1 | |
| ibm | security_access_manager | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6B5B6BD9-C0DF-4359-A6C1-F66E24912800", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6F18D4AF-43DE-42A0-898E-50FBA7ADDDDE", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "847598BF-977A-4592-A6A1-2C7F04F29FDC", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "D95683B6-E2A5-43AF-A02E-B746DBE871D0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C4E29AFB-FE70-4619-A09A-CE205374BFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.3:*:*:*:*:*:*:*", matchCriteriaId: "E529E4C8-6B64-4B44-9194-76AE1471717E", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "9B8A2F70-0467-47CC-856F-E42094F0FEE2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:security_access_manager:9.0:*:*:*:*:*:*:*", matchCriteriaId: "465CFA08-AE0B-45CA-9A71-563BBEA02CA3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613.", }, { lang: "es", value: "La versión 9.0.0 de IBM Security Access Manager Appliance permite que las páginas web se almacenen localmente, lo que permite que sean leídas por otro usuario en el sistema. IBM X-Force ID: 128613.", }, ], id: "CVE-2017-1478", lastModified: "2024-11-21T03:21:56.270", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-01-11T17:29:00.197", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012323", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102502", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040172", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128613", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012323", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102502", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040172", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128613", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-25 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158517 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158517 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "75EE7D5C-5F66-4134-A779-2E5E843B5C1A", versionEndIncluding: "9.0.6", versionStartIncluding: "9.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517.", }, { lang: "es", value: "IBM Security Access Manager versión 9.0.1 hasta 9.0.6, podría permitir a un atacante remoto conducir ataques de phishing, usando un ataque de tipo redireccionamiento abierto. Mediante la persuasión de una víctima a que visite un sitio web especialmente creado, un atacante remoto podría explotar esta vulnerabilidad para falsificar la URL que es desplegada para redireccionar a un usuario a un sitio web malicioso que parece ser de confianza. Esto podría permitir al atacante obtener información muy confidencial o conducir más ataques contra la víctima. ID de IBM X-Force: 158517.", }, ], id: "CVE-2019-4153", lastModified: "2024-11-21T04:43:14.910", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 4, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-25T16:15:10.633", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158517", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158517", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-601", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-15 13:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/182216 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6348046 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/182216 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6348046 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * | |
| ibm | security_verify_access | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "58BFDCF5-D32F-4C5D-8F1C-75932843157F", versionEndExcluding: "9.0.7.2", versionStartIncluding: "9.0.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*", matchCriteriaId: "4A6EA022-9E98-4AEB-9B98-8BC6061141EE", versionEndExcluding: "10.0.0.1", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.", }, { lang: "es", value: "IBM Security Access Manager versión 9.0.7 e IBM Security Verify Access versión 10.0.0, podrían permitir a un cliente Oauth público no autorizado omitir algunas o todas las comprobaciones de autenticación y conseguir acceso a las aplicaciones. IBM X-Force ID: 182216", }, ], id: "CVE-2020-4499", lastModified: "2024-11-21T05:32:49.257", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.4, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-15T13:15:12.913", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/182216", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6348046", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/182216", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6348046", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-28 16:15
Modified
2024-11-21 09:19
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "DF3C8827-4FA1-4579-87EE-6D78E83DE0A6", versionEndIncluding: "10.0.7.1", versionStartIncluding: "10.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415.", }, { lang: "es", value: "IBM Security Access Manager Docker 10.0.0.0 a 10.0.7.1 podría permitir que un usuario local obtenga información confidencial del contenedor debido a permisos predeterminados incorrectos. ID de IBM X-Force: 292415.", }, ], id: "CVE-2024-35139", lastModified: "2024-11-21T09:19:49.280", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-28T16:15:04.380", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/292415", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158790", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/292415", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158790", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-276", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-25 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158515 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158515 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "75EE7D5C-5F66-4134-A779-2E5E843B5C1A", versionEndIncluding: "9.0.6", versionStartIncluding: "9.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.", }, { lang: "es", value: "IBM Security Access Manager versión 9.0.1 hasta 9.0.6, no invalida los tokens de sesión de manera oportuna. La falta de una expiración de sesión apropiada puede permitir a los atacantes con acceso local iniciar sesión en una sesión de navegador cerrada. ID de IBM X-Force: 158515.", }, ], id: "CVE-2019-4152", lastModified: "2024-11-21T04:43:14.793", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 2.5, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-25T16:15:10.570", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158515", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158515", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-384", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-08-29 01:35
Modified
2025-04-20 01:37
Severity ?
Summary
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22006959 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/100592 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1039227 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128687 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22006959 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100592 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039227 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128687 | VDB Entry, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0:*:*:*:*:*:*:*", matchCriteriaId: "7CAE25B3-55F6-4D93-9110-26323F5D6CF8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "BDB8C962-AAEA-4005-BC6B-7768310295E6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "86E64D67-84B1-4B22-B68C-AAFA68149206", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D3B0FD7F-8007-41F8-A0B3-0C11B9F6D2BA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "C7255EFB-AE47-45E9-853E-5242D350A04E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "26F1E4CC-0FE8-4D18-9507-74131B8F21E8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "624215F6-12DE-42B5-98AE-29F30C759690", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "B57D6417-ECB7-4A02-8C01-6E85087AD073", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "92FF03BE-E1FC-491A-BBA5-0C67B9EC0F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "9B9EFD7C-D827-4079-BBA5-38601F1DA571", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.10:*:*:*:*:*:*:*", matchCriteriaId: "C54E2A37-F451-4109-A367-A35D38D8E44C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "24BBDD80-3EBA-4F5E-89BC-4107431B813F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "2826D12C-893B-4045-98C0-60FDBB5EC252", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.13:*:*:*:*:*:*:*", matchCriteriaId: "1678A4B5-E2BB-41A2-9238-D0D34B189D1D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.14:*:*:*:*:*:*:*", matchCriteriaId: "B4412073-8390-46B3-94A6-20D7B8075838", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "0E0AE0FD-6595-4132-8715-D2B859B04EB4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.16:*:*:*:*:*:*:*", matchCriteriaId: "4256CF5F-8B99-4C5D-B67B-840DE56412EF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.17:*:*:*:*:*:*:*", matchCriteriaId: "7CA0D2F3-31B5-4AF8-B6E0-6795A240F094", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.18:*:*:*:*:*:*:*", matchCriteriaId: "37632E93-91AA-47A6-9EF7-EB5A6FC4B843", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.19:*:*:*:*:*:*:*", matchCriteriaId: "937C104A-74B7-4FC4-B436-42C14C4E4339", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.20:*:*:*:*:*:*:*", matchCriteriaId: "E4449E78-A1A2-423C-A9A4-5AB8ED7B1D3C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.21:*:*:*:*:*:*:*", matchCriteriaId: "32B351D1-5DB8-4C6D-8CA8-C22E6DE66D21", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.22:*:*:*:*:*:*:*", matchCriteriaId: "FC8671CD-4FEA-4408-B594-ED8B7BD8543F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.23:*:*:*:*:*:*:*", matchCriteriaId: "CEB5C09B-0681-42A1-AF82-15E91CD94787", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.24:*:*:*:*:*:*:*", matchCriteriaId: "1083BB5E-C153-46D1-8FEE-63AEB52B5546", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.25:*:*:*:*:*:*:*", matchCriteriaId: "59231981-02BF-4998-A86F-BFF6B4B79CED", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.26:*:*:*:*:*:*:*", matchCriteriaId: "E912624A-33B5-4AF5-96DB-292C14B0A37D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.27:*:*:*:*:*:*:*", matchCriteriaId: "DB434802-50F4-4FCB-B674-C92FC5046140", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.28:*:*:*:*:*:*:*", matchCriteriaId: "A0553613-6429-4202-B9F1-CB2F58412D82", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.29:*:*:*:*:*:*:*", matchCriteriaId: "EC68FC7C-F67D-44C7-AAA7-ECD2DB27C286", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.30:*:*:*:*:*:*:*", matchCriteriaId: "7F7D529E-724A-4AC6-91AA-9C771C980471", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.31:*:*:*:*:*:*:*", matchCriteriaId: "12664D6B-1DF6-455E-99CB-08AF7A3C926E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1:*:*:*:*:*:*:*", matchCriteriaId: "8FDBFAE1-351E-4E9F-877E-E9BBB50FCFF8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BE91D383-8FCF-4352-9DE4-306F99171785", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "318A64DE-04E9-4A55-85D7-1079EECD7175", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "8961882B-0715-4B61-8343-9225BDDBC9E1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "699C6485-0FA4-47EE-9081-0332D0B1F8AD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "6165F468-26EE-4AA7-B806-007F78AFD754", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "25C01EE0-7BE2-420C-B538-A15589D9A019", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "6DFB52D6-9F29-49C1-83CC-CE662253488B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "B4B247D8-4BEC-41BC-822E-5C31A8AECCAC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.9:*:*:*:*:*:*:*", matchCriteriaId: "8A32A31D-266C-47D9-B11D-3C2DAEF6A025", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.10:*:*:*:*:*:*:*", matchCriteriaId: "8D32BB3A-3404-4B3B-AEBF-BF40B0CDC426", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.11:*:*:*:*:*:*:*", matchCriteriaId: "2958706F-D4E1-41C0-A341-2E045A110E68", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.12:*:*:*:*:*:*:*", matchCriteriaId: "4E149CF2-75F4-43E8-9B1C-657D95403AA1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.13:*:*:*:*:*:*:*", matchCriteriaId: "FE300627-1032-405E-96CC-B8CDF03C2326", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.14:*:*:*:*:*:*:*", matchCriteriaId: "745799EB-8664-40D6-907B-9B8F640860E5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.15:*:*:*:*:*:*:*", matchCriteriaId: "097C64C6-9C0E-463A-8EEB-2906D9131887", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.16:*:*:*:*:*:*:*", matchCriteriaId: "CEF8D79D-0859-4943-A3A9-0C2F4183A9B1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.17:*:*:*:*:*:*:*", matchCriteriaId: "8F491FA5-27ED-454B-850E-76DF60960D69", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.18:*:*:*:*:*:*:*", matchCriteriaId: "24610D16-7235-4EE2-AF20-AAAFCDF749D0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.19:*:*:*:*:*:*:*", matchCriteriaId: "DB4406DA-9DC1-4F76-9D2B-BE5BD8FB31F1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.20:*:*:*:*:*:*:*", matchCriteriaId: "AC7E8F5B-743B-4778-B096-1A2F950A31BA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.21:*:*:*:*:*:*:*", matchCriteriaId: "3930684E-FA31-42CB-8750-097ABEBE643B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.22:*:*:*:*:*:*:*", matchCriteriaId: "7B733C54-4DDA-4491-A6A0-F07D7D879900", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.23:*:*:*:*:*:*:*", matchCriteriaId: "3F34676D-8537-4C7A-9C25-EF6973C0AD81", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.24:*:*:*:*:*:*:*", matchCriteriaId: "1A8CB2D8-D1EC-429B-8C8B-48AF082C5FD2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.25:*:*:*:*:*:*:*", matchCriteriaId: "C3B0FF96-BF36-40A7-99B5-9904785D4A7B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.26:*:*:*:*:*:*:*", matchCriteriaId: "E08CB452-3475-4143-AD28-550E130A33B4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.27:*:*:*:*:*:*:*", matchCriteriaId: "4D86E921-FF6A-4045-B853-0D6F86BF2475", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.28:*:*:*:*:*:*:*", matchCriteriaId: "B582DA4C-9457-4EDD-A47B-66DB213198AB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.29:*:*:*:*:*:*:*", matchCriteriaId: "575D7BEE-0DB2-435D-844E-387590EF087A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.30:*:*:*:*:*:*:*", matchCriteriaId: "4D9BAD4E-9F38-4AB7-A566-834A97CD1A86", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0:*:*:*:*:*:*:*", matchCriteriaId: "BACDCBD6-EEF3-4259-9866-A89105AA4C19", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "536755AC-3FA7-4FA4-8CA3-0E1D4CB0FB43", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "68DB06C6-84B3-4DC6-AEE9-9DA49715A3BF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "B894B409-DC42-4FA4-8864-387635B55F12", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B52B9A91-EDAF-43CC-A271-02ADCD691875", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "3F740591-A399-49AC-911B-9ADD117B5BEB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.6:*:*:*:*:*:*:*", matchCriteriaId: "A4EB9A2D-0ABF-46C3-A742-959CC39070DC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.7:*:*:*:*:*:*:*", matchCriteriaId: "4B832D0A-923B-4F4B-9F81-BA1BA2E7A920", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.8:*:*:*:*:*:*:*", matchCriteriaId: "F4EA2E35-08D1-4A2F-8941-0C87DF1BFC2C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.9:*:*:*:*:*:*:*", matchCriteriaId: "A953FA93-A982-4104-8D6A-685E53613691", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.10:*:*:*:*:*:*:*", matchCriteriaId: "BE0028F4-5A36-4597-9830-46CFE5CF2EE5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.11:*:*:*:*:*:*:*", matchCriteriaId: "FE607CA8-FB8A-4373-A345-822D5ABEA408", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.12:*:*:*:*:*:*:*", matchCriteriaId: "0CB32198-9382-43CC-9079-08D2162B4C79", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.13:*:*:*:*:*:*:*", matchCriteriaId: "4336D4DD-5DE4-441E-B852-A2E1409953CC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.14:*:*:*:*:*:*:*", matchCriteriaId: "FDCBBC83-DCE2-4522-9808-8EFA63485388", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.15:*:*:*:*:*:*:*", matchCriteriaId: "66159D17-FAB8-408A-90FA-62E9F840B568", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.16:*:*:*:*:*:*:*", matchCriteriaId: "0D79656C-0F25-4647-BE54-AAF0336C7BB5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.17:*:*:*:*:*:*:*", matchCriteriaId: "940F82D3-5809-42DC-92B5-F699C34F6996", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.18:*:*:*:*:*:*:*", matchCriteriaId: "6994DE96-2967-4C7C-A896-B68E064C41C3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.19:*:*:*:*:*:*:*", matchCriteriaId: "55734E7A-D2CA-490F-8BAC-F47CE1A2F3FB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.20:*:*:*:*:*:*:*", matchCriteriaId: "E9047D70-83D3-4D45-8A16-4299A0D06D17", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.21:*:*:*:*:*:*:*", matchCriteriaId: "65F66744-ABFA-4EB1-ACFB-FF88E0F20BBA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.22:*:*:*:*:*:*:*", matchCriteriaId: "33C28A38-46FA-4878-9F03-D9ACB510ED88", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.23:*:*:*:*:*:*:*", matchCriteriaId: "9D2EC653-CE7B-45A2-AB9F-F760646A4682", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.24:*:*:*:*:*:*:*", matchCriteriaId: "94EF01E4-FBF5-4AF5-A6E8-BECF6052F72F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.25:*:*:*:*:*:*:*", matchCriteriaId: "2F0E063D-2C5E-4619-9176-9D28716BEDC8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.26:*:*:*:*:*:*:*", matchCriteriaId: "CC30B443-ACDB-4D10-88F2-07DAF8684C04", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.27:*:*:*:*:*:*:*", matchCriteriaId: "E843FD37-844C-4359-9465-30C95B5F0831", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.28:*:*:*:*:*:*:*", matchCriteriaId: "5FE19EBF-68CA-4075-9A6D-B3DB7FF5DB6D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.29:*:*:*:*:*:*:*", matchCriteriaId: "D424803C-85C3-4860-B842-93B98554070D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.30:*:*:*:*:*:*:*", matchCriteriaId: "DC489116-D486-4388-8E93-E6E98EA81868", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*", matchCriteriaId: "53A3B2B3-52B4-4086-9092-364649265F5E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E24ACD0C-D825-4B2B-9483-66F0B815CB24", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "2CD382BC-2AA1-448E-BC8E-CAB2408995BA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "23A074B8-A709-44F1-9CB9-7BF2590989C9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3F73936C-442D-4857-99B3-605E55D82833", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "54243412-CB97-4752-A31A-3CB6A757E495", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.6:*:*:*:*:*:*:*", matchCriteriaId: "BD9CF344-C187-4D60-8C90-2FB459883D6E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.7:*:*:*:*:*:*:*", matchCriteriaId: "97AF8910-3F9A-407F-9834-B57D5807693D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.8:*:*:*:*:*:*:*", matchCriteriaId: "DFB1BA86-C809-414E-8F58-2B6101518FB2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC1634D4-28AB-4F12-B5FB-D32742F5836B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.10:*:*:*:*:*:*:*", matchCriteriaId: "1EA35BD4-8738-47D3-A8F0-F9ABE4AEB985", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.11:*:*:*:*:*:*:*", matchCriteriaId: "344FE134-DE7B-4925-875E-097DD0AB9AC9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.12:*:*:*:*:*:*:*", matchCriteriaId: "674FFA61-8F2A-43FB-BF51-68700698703C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.13:*:*:*:*:*:*:*", matchCriteriaId: "332D3784-C24E-45A7-880B-0C4A32687B69", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.14:*:*:*:*:*:*:*", matchCriteriaId: "CF0738FC-EAC8-45C4-ADA9-06DBE3D9EADF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.15:*:*:*:*:*:*:*", matchCriteriaId: "837D32E7-CFB7-462B-8479-E9811C149775", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.16:*:*:*:*:*:*:*", matchCriteriaId: "A7BE362F-72B3-481A-ABF4-4A36F4535F55", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.17:*:*:*:*:*:*:*", matchCriteriaId: "C73DE810-1D11-4480-AF62-DC37F22DCC71", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.18:*:*:*:*:*:*:*", matchCriteriaId: "31D161F8-D61A-40DF-AA14-5256DD394082", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.19:*:*:*:*:*:*:*", matchCriteriaId: "154B6E05-54C8-4271-A904-21CA6A2E6F6D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.20:*:*:*:*:*:*:*", matchCriteriaId: "6389F03A-3547-44B1-9603-947735FC31B2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.21:*:*:*:*:*:*:*", matchCriteriaId: "E2735E77-B9ED-4608-AFA5-969E039C82F5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.22:*:*:*:*:*:*:*", matchCriteriaId: "0C58102A-8817-4656-AB85-07D60CB2D10F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.23:*:*:*:*:*:*:*", matchCriteriaId: "461046D0-29C2-4152-B4D2-C60E9A04EE07", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.24:*:*:*:*:*:*:*", matchCriteriaId: "99EB7777-7CA5-41CB-98BC-AFC254E02C6F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.25:*:*:*:*:*:*:*", matchCriteriaId: "0CFFABA7-86BD-4201-89F9-0F61E673DB90", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.26:*:*:*:*:*:*:*", matchCriteriaId: "F472F171-9FF2-4C44-AF5B-9CBA19E62A73", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.27:*:*:*:*:*:*:*", matchCriteriaId: "5675CDEE-09CB-49D9-8C71-0CD71238129F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.28:*:*:*:*:*:*:*", matchCriteriaId: "69978C3B-708B-4CDC-8FA0-65A98F2223E9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.29:*:*:*:*:*:*:*", matchCriteriaId: "74CAA03E-DE79-4527-918D-EA219DC2DA84", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.30:*:*:*:*:*:*:*", matchCriteriaId: "5DB312B8-7B65-4CE9-B399-2896450B5647", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0:*:*:*:*:*:*:*", matchCriteriaId: "6A4AD958-FDB2-4F63-AD4F-C88B33BFA692", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "397073E9-9696-4B4C-926D-668EA4A52E7B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "643E7B97-17AB-4209-804E-79E94F3D671F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4F807870-4976-43E1-89BE-F08DEEE109CD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "B2B3E49D-08E6-44CF-B034-D155247B5DB9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E9F50A5E-111B-4CF6-A531-FE88E7735140", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "D54372BE-6201-48AB-A720-F29E931E52B3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.22:*:*:*:*:*:*:*", matchCriteriaId: "BCCE958E-6DFA-403E-B251-F5BA7825A546", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.31:*:*:*:*:*:*:*", matchCriteriaId: "9DA2F71C-E15F-4729-A0D9-C8C116819546", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "39017599-E63F-4101-8D37-62D9B0CE6917", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "AB037932-234B-41AD-8119-D964796ADDFD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "8BA1DA71-91C8-4989-98B9-E924ED7B272A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "3F884817-A712-4A89-B199-2E2483CD8363", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.4:*:*:*:*:*:*:*", matchCriteriaId: "52F627D1-6FB4-47A2-817D-F9EC914DAC51", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.5:*:*:*:*:*:*:*", matchCriteriaId: "6C428319-FFE3-4365-ABFE-1E6D1CABC0C1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.6:*:*:*:*:*:*:*", matchCriteriaId: "79613B00-9B72-43BB-A42A-3BB191021ED7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0:*:*:*:*:*:*:*", matchCriteriaId: "FF1B0C02-D5D9-4F10-9120-C76D39D5C323", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "44310E32-EA05-420B-8676-4E6EEAFB6631", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "8B93CED0-E8FA-4238-8963-46074D11A334", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "907BB0CF-D270-4493-8D61-9841E6C5FE45", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "E0801BD2-D95B-4703-9804-A555F9E7BA19", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "525EF7EC-712E-4C84-A15C-B2A30BD11A01", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "2EE90667-0C16-4E4B-98DC-A6AD7A073D64", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.22:*:*:*:*:*:*:*", matchCriteriaId: "049DD26B-9CF5-4E0C-812E-76A1224A15FA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.31:*:*:*:*:*:*:*", matchCriteriaId: "909073A4-C6D5-47D7-911F-C855DB693EF0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A523C406-D64C-4CE6-8CBE-34D4C060E0C1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "707F0FE4-EC91-44FF-AA21-1E2A99AC5C26", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F0D646B2-7308-43A0-AE76-873946FB024E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "4B1988E5-DFE6-4282-B9D3-6655297B481B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*", matchCriteriaId: "4BEF4063-73D7-416D-AD21-CDC1C0534677", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.5:*:*:*:*:*:*:*", matchCriteriaId: "A8DFC0D0-2326-40CA-B4CC-65194566DA98", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.6:*:*:*:*:*:*:*", matchCriteriaId: "1A180463-EDE0-47DB-A031-979E73AA2A33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "9FF57E01-A333-49D7-8B25-D65B66410DF4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A6B67748-2677-44E7-B43D-857EBCA926C2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2AEE420D-4686-4C58-B77A-2E509983F4C3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "D2C9CD3B-A25E-4DD1-9955-39E6E1EB4DC7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.2.1:*:*:*:*:*:*:*", matchCriteriaId: "AA399A01-351E-4587-9B0B-804452F09832", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "FC682158-A8A0-4D2D-9ACD-ADF4093B7ECC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.3.0:if1:*:*:*:*:*:*", matchCriteriaId: "A483F61A-0DAC-43DB-B69B-37A6207C1CF4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.", }, { lang: "es", value: "Las configuraciones e-community de IBM Security Access Manager 6.1, 7.0, 8.0, y 9.0 podrían estar afectadas por una vulnerabilidad de redirección. ECSSO Master Authentication puede redireccionar a un servidor que no participa en un dominio e-community. IBM X-Force ID: 128687.", }, ], id: "CVE-2017-1489", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-08-29T01:35:13.517", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22006959", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100592", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039227", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22006959", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100592", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039227", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-601", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-15 13:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * | |
| ibm | security_verify_access | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "58BFDCF5-D32F-4C5D-8F1C-75932843157F", versionEndExcluding: "9.0.7.2", versionStartIncluding: "9.0.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*", matchCriteriaId: "4A6EA022-9E98-4AEB-9B98-8BC6061141EE", versionEndExcluding: "10.0.0.1", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960.", }, { lang: "es", value: "IBM Security Access Manager versión 9.0.7 e IBM Security Verify Access versión 10.0.0, son vulnerables a unos ataques de división de respuesta HTTP. Un atacante remoto podría explotar esta vulnerabilidad usando una URL especialmente diseñada y causar que el servidor devuelva una respuesta dividida, una vez que se hace clic en la URL. Esto permitiría al atacante llevar a cabo más ataques, como un envenenamiento de la caché web, un cross-site scripting y posiblemente obtener información confidencial.  IBM X-Force ID: 165960", }, ], id: "CVE-2019-4552", lastModified: "2024-11-21T04:43:43.507", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-15T13:15:12.807", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/165960", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6348046", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/165960", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6348046", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-25 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158331 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158331 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "75EE7D5C-5F66-4134-A779-2E5E843B5C1A", versionEndIncluding: "9.0.6", versionStartIncluding: "9.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331.", }, { lang: "es", value: "IBM Security Access Manager versión 9.0.1 hasta 9.0.6, es afectado por una vulnerabilidad de seguridad que podría permitir a usuarios autenticados hacerse pasar por otros usuarios. ID de IBM X-Force: 158331.", }, ], id: "CVE-2019-4135", lastModified: "2024-11-21T04:43:12.853", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-25T16:15:10.320", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158331", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158331", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 04:00
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 for Enterprise Single-Sign On is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150019.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/150019 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/150019 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E5FB684A-B33C-4FFC-B24B-BD70B8F189E1", versionEndIncluding: "9.0.5.0", versionStartIncluding: "9.0.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 for Enterprise Single-Sign On is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150019.", }, { lang: "es", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 para Enterprise Single-Sign On es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podría dar lugar a una revelación de credenciales en una sesión de confianza. IBM X-Force ID: 150019.", }, ], id: "CVE-2018-1815", lastModified: "2024-11-21T04:00:26.610", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-13T16:29:00.993", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150019", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150019", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 04:00
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 149702.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/149702 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/149702 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E5FB684A-B33C-4FFC-B24B-BD70B8F189E1", versionEndIncluding: "9.0.5.0", versionStartIncluding: "9.0.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 149702.", }, { lang: "es", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 podría permitir que un atacante remoto secuestre la acción de clicado de la víctima. Al persuadir a una víctima para que visite un sitio web malicioso, un atacante remoto podría explotar esta vulnerabilidad para secuestrar las acciones de clicado de la víctima y, probablemente, lanzar más ataques contra la víctima. IBM X-Force ID: 149702.", }, ], id: "CVE-2018-1803", lastModified: "2024-11-21T04:00:24.190", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-13T16:29:00.697", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/149702", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/149702", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1021", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-27 19:15
Modified
2024-11-21 08:01
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/254638 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7158790 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/254638 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7158790 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "DF3C8827-4FA1-4579-87EE-6D78E83DE0A6", versionEndIncluding: "10.0.7.1", versionStartIncluding: "10.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638.", }, { lang: "es", value: "IBM Security Access Manager Docker 10.0.0.0 a 10.0.7.1 podría permitir que un usuario local obtenga acceso raíz debido a controles de acceso inadecuados. ID de IBM X-Force: 254638.", }, ], id: "CVE-2023-30997", lastModified: "2024-11-21T08:01:12.673", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-27T19:15:10.800", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254638", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158790", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254638", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158790", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-250", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-27 18:15
Modified
2024-11-21 08:13
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 261198.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/261198 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7158790 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/261198 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7158790 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "DF3C8827-4FA1-4579-87EE-6D78E83DE0A6", versionEndIncluding: "10.0.7.1", versionStartIncluding: "10.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 261198.", }, { lang: "es", value: "IBM Security Access Manager Docker 10.0.0.0 a 10.0.7.1 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 261198.", }, ], id: "CVE-2023-38371", lastModified: "2024-11-21T08:13:26.153", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-27T18:15:12.880", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/261198", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158790", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/261198", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158790", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-25 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158510 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158510 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "75EE7D5C-5F66-4134-A779-2E5E843B5C1A", versionEndIncluding: "9.0.6", versionStartIncluding: "9.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510.", }, { lang: "es", value: "IBM Security Access Manager versión 9.0.1 hasta 9.0.6 no comprueba, o comprueba incorrectamente, un certificado que podría permitir a un atacante falsificar una entidad confiable utilizando un ataque de tipo Man-in-the-middle (MITM). ID de IBM X-Force: 158510.", }, ], id: "CVE-2019-4150", lastModified: "2024-11-21T04:43:14.550", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-25T16:15:10.447", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158510", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158510", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-25 17:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/156159 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1072704 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/156159 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1072704 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "4C54DEF2-5561-4569-A9CD-95834C4CDEA0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.", }, { lang: "es", value: "IBM Security Access Manager Appliance, podría permitir a un atacante no autenticado causar una denegación de servicio en el componente proxy inverso. ID de IBM X-Force: 156159.", }, ], id: "CVE-2019-4036", lastModified: "2024-11-21T04:43:04.240", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-25T17:15:11.023", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156159", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1072704", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156159", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1072704", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-25 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158400 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158400 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "75EE7D5C-5F66-4134-A779-2E5E843B5C1A", versionEndIncluding: "9.0.6", versionStartIncluding: "9.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400.", }, { lang: "es", value: "IBM Security Access Manager versión 9.0.1 hasta 9.0.6, se podría mostrar altamente sensible en condiciones especializadas a un usuario local, lo que podría ser usado en nuevos ataques contra el sistema. ID de IBM X-Force: 158400.", }, ], id: "CVE-2019-4145", lastModified: "2024-11-21T04:43:13.933", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 5.2, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-25T16:15:10.383", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158400", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158400", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-07-15 16:15
Modified
2024-11-21 05:46
Severity ?
Summary
IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/196453 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6471903 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/196453 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6471903 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0 | |
| ibm | security_verify_access | 10.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0:*:*:*:*:*:*:*", matchCriteriaId: "A07E8FD2-2E54-45B6-AF1F-4AAA6479A58A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "7548DF30-5F20-4A0E-97B2-D33BEE9D4785", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.", }, { lang: "es", value: "IBM Security Access Manager versión 9.0 e IBM Security Verify Access Docker versión 10.0.0, almacenan las credenciales de usuario en texto sin cifrar que puede ser leído por un usuario no autorizado", }, ], id: "CVE-2021-20439", lastModified: "2024-11-21T05:46:35.677", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-07-15T16:15:09.410", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/196453", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6471903", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/196453", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6471903", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-522", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-02-04 21:29
Modified
2024-11-21 04:00
Severity ?
7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Summary
IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10796380 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/153751 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10796380 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/153751 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "840507C8-CEFC-4A47-A13E-A7AC5E3C621D", versionEndIncluding: "7.0.1.10", versionStartIncluding: "7.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751.", }, { lang: "es", value: "IBM Security Identity Manager 7.0.1 es vulnerable a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. IBM X-Force ID: 153751.", }, ], id: "CVE-2018-1970", lastModified: "2024-11-21T04:00:40.507", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-02-04T21:29:00.533", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10796380", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/153751", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10796380", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/153751", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-611", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-02-01 20:59
Modified
2025-04-20 01:37
Severity ?
Summary
IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21995435 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/95103 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21995435 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95103 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0.0 | |
| ibm | security_access_manager | 9.0.0.1 | |
| ibm | security_access_manager | 9.0.1.0 | |
| ibm | security_access_manager_for_mobile | 8.0.0.0 | |
| ibm | security_access_manager_for_mobile | 8.0.0.5 | |
| ibm | security_access_manager_for_mobile | 8.0.1 | |
| ibm | security_access_manager_for_mobile | 8.0.1.2 | |
| ibm | security_access_manager_for_mobile | 8.0.1.3 | |
| ibm | security_access_manager_for_mobile | 8.0.1.4 | |
| ibm | security_access_manager_for_web | 7.0.0 | |
| ibm | security_access_manager_for_web | 8.0.0 | |
| ibm | security_access_manager_for_web | 8.0.1 | |
| ibm | security_access_manager_for_web | 8.0.1.1 | |
| ibm | security_access_manager_for_web | 8.0.1.2 | |
| ibm | security_access_manager_for_web | 8.0.1.3 | |
| ibm | security_access_manager_for_web | 8.0.1.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F49FA0E2-5FEB-4831-980E-CFBE7E44277A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A6B67748-2677-44E7-B43D-857EBCA926C2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2AEE420D-4686-4C58-B77A-2E509983F4C3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "44310E32-EA05-420B-8676-4E6EEAFB6631", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "2EE90667-0C16-4E4B-98DC-A6AD7A073D64", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1:*:*:*:*:*:*:*", matchCriteriaId: "AA8844A0-17D5-4EE9-85C4-518DACE7C9D0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F0D646B2-7308-43A0-AE76-873946FB024E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "4B1988E5-DFE6-4282-B9D3-6655297B481B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*", matchCriteriaId: "4BEF4063-73D7-416D-AD21-CDC1C0534677", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "58D7CF23-E40B-48FE-B1F2-BAD47500A98B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F6658BD1-B9F9-4C68-AC7B-66E0630ACD68", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5000C473-1151-4C1C-BCB8-C410D8BDA362", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "AB037932-234B-41AD-8119-D964796ADDFD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "8BA1DA71-91C8-4989-98B9-E924ED7B272A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "3F884817-A712-4A89-B199-2E2483CD8363", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.4:*:*:*:*:*:*:*", matchCriteriaId: "52F627D1-6FB4-47A2-817D-F9EC914DAC51", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history.", }, { lang: "es", value: "IBM Security Access Manager para Web almacena información sensible en parámetros URL. Esto puede dar lugar a la divulgación de información si las partes no autorizadas tienen acceso a las URL a través de los registros del servidor, el encabezado referente o el historial del navegador.", }, ], id: "CVE-2016-3045", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-02-01T20:59:00.817", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21995435", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/95103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21995435", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/95103", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 04:00
Severity ?
5.9 (Medium) - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 152078.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/152078 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/152078 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E5FB684A-B33C-4FFC-B24B-BD70B8F189E1", versionEndIncluding: "9.0.5.0", versionStartIncluding: "9.0.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 152078.", }, { lang: "es", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 contiene credenciales embebidas, como una contraseña o una clave criptográfica, que emplea para su propia autenticación entrante, comunicación saliente hacia componentes externos o para cifrar datos internos. IBM X-Force ID: 152078.", }, ], id: "CVE-2018-1887", lastModified: "2024-11-21T04:00:32.423", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.4, impactScore: 4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-13T16:29:01.227", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/152078", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/152078", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-798", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 04:00
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/150018 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/150018 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E5FB684A-B33C-4FFC-B24B-BD70B8F189E1", versionEndIncluding: "9.0.5.0", versionStartIncluding: "9.0.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018.", }, { lang: "es", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 emplea algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 150018.", }, ], id: "CVE-2018-1814", lastModified: "2024-11-21T04:00:24.877", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-13T16:29:00.947", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150018", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150018", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-326", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 04:00
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 152021.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/152021 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/152021 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E5FB684A-B33C-4FFC-B24B-BD70B8F189E1", versionEndIncluding: "9.0.5.0", versionStartIncluding: "9.0.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 152021.", }, { lang: "es", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 divulga información sensible a usuarios no autorizados. Esta información puede emplearse para ejecutar más ataques en el sistema. IBM X-Force ID: 152021.", }, ], id: "CVE-2018-1886", lastModified: "2024-11-21T04:00:32.293", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-13T16:29:01.180", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/152021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/152021", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 04:00
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 149704.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/149704 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/149704 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E5FB684A-B33C-4FFC-B24B-BD70B8F189E1", versionEndIncluding: "9.0.5.0", versionStartIncluding: "9.0.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 149704.", }, { lang: "es", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 genera un mensaje de error que incluye información sensible sobre su entorno, usuarios o datos asociados. IBM X-Force ID: 149704.", }, ], id: "CVE-2018-1805", lastModified: "2024-11-21T04:00:24.420", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-13T16:29:00.850", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/149704", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/149704", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-10-22 12:29
Modified
2024-11-21 04:00
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10734555 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1042036 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/150998 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10734555 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042036 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/150998 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0.3.1 | |
| ibm | security_access_manager | 9.0.4.0 | |
| ibm | security_access_manager | 9.0.5.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "AD07A755-FEBF-42BE-B276-5AC31997D7BB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "65D7D18A-FF5C-40EF-B4CF-322315865BD6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "D14395C8-DBF0-4354-B9D0-5FCE351B84A7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998.", }, { lang: "es", value: "IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 y 9.0.5.0 podría permitir operaciones de administración no autorizadas cuando se está ejecutando el servicio Advanced Access Control. IBM X-Force ID: 150998.", }, ], id: "CVE-2018-1850", lastModified: "2024-11-21T04:00:30.110", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 8.5, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-22T12:29:00.237", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10734555", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042036", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150998", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10734555", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042036", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150998", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-28 16:15
Modified
2024-11-21 09:19
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "DF3C8827-4FA1-4579-87EE-6D78E83DE0A6", versionEndIncluding: "10.0.7.1", versionStartIncluding: "10.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413.", }, { lang: "es", value: "IBM Security Access Manager Docker 10.0.0.0 a 10.0.7.1 podría permitir que un usuario local posiblemente eleve sus privilegios debido a la exposición de información de configuración confidencial. ID de IBM X-Force: 292413.", }, ], id: "CVE-2024-35137", lastModified: "2024-11-21T09:19:49.143", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-28T16:15:04.150", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/292413", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158790", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/292413", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158790", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-258", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-521", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 04:00
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 150017.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/150017 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/150017 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E5FB684A-B33C-4FFC-B24B-BD70B8F189E1", versionEndIncluding: "9.0.5.0", versionStartIncluding: "9.0.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 150017.", }, { lang: "es", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 emplea listas negras incompletas para validar entradas, lo que permite que los atacantes omitan los controles de la aplicación, lo que provoca un impacto directo al sistema y a la integridad de los datos. IBM X-Force ID: 150017.", }, ], id: "CVE-2018-1813", lastModified: "2024-11-21T04:00:24.757", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-13T16:29:00.897", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150017", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150017", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-12 13:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/186142 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6346619 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/186142 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6346619 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0.7.0 | |
| ibm | security_verify_access | 10.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.7.0:*:*:*:*:*:*:*", matchCriteriaId: "B3AD6025-8584-4F57-AC38-FC60064F2622", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "7548DF30-5F20-4A0E-97B2-D33BEE9D4785", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142.", }, { lang: "es", value: "IBM Security Access Manager versión 9.0.7 e IBM Security Verify Access versión 10.0.0, podrían permitir a un atacante obtener información confidencial usando ataques de canal lateral de sincronización que podrían ayudar en futuros ataques contra el sistema. IBM X-Force ID: 186142", }, ], id: "CVE-2020-4661", lastModified: "2024-11-21T05:33:03.900", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 5.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-12T13:15:12.493", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186142", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6346619", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186142", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6346619", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 04:00
Severity ?
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/149703 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/149703 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E5FB684A-B33C-4FFC-B24B-BD70B8F189E1", versionEndIncluding: "9.0.5.0", versionStartIncluding: "9.0.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703.", }, { lang: "es", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 no establece el atributo \"secure\" en los tokens de autorización o las cookies de sesión. Esto podría permitir que un atacante explote esta vulnerabilidad para obtener información sensible empleando técnicas Man-in-the-Middle (MitM). IBM X-Force ID: 149703.", }, ], id: "CVE-2018-1804", lastModified: "2024-11-21T04:00:24.307", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-13T16:29:00.820", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/149703", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/149703", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-384", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-12 13:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/186947 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6346619 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/186947 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6346619 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0.7.0 | |
| ibm | security_verify_access | 10.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.7.0:*:*:*:*:*:*:*", matchCriteriaId: "B3AD6025-8584-4F57-AC38-FC60064F2622", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "7548DF30-5F20-4A0E-97B2-D33BEE9D4785", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947.", }, { lang: "es", value: "IBM Security Access Manager versión 9.0.7 e IBM Security Verify Access versión 10.0.0, podrían permitir a un atacante obtener información confidencial usando ataques de canal lateral de sincronización que podrían ayudar en futuros ataques contra el sistema. IBM X-Force ID: 186947", }, ], id: "CVE-2020-4699", lastModified: "2024-11-21T05:33:08.713", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 5.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-12T13:15:12.570", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186947", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6346619", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186947", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6346619", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-20 13:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/181481 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6211847 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/181481 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6211847 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5F821BF5-C612-48B5-ADA7-FD3A28DBB391", versionEndExcluding: "9.0.7.1", versionStartIncluding: "9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481.", }, { lang: "es", value: "El IBM Security Access Manager Appliance versión 9.0.7.1, podría permitir a un usuario autentificado omitir la seguridad al permitir una manipulación de las peticiones de id_token sin verificación. IBM X-Force ID: 181481.", }, ], id: "CVE-2020-4461", lastModified: "2024-11-21T05:32:45.687", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-20T13:15:09.940", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/181481", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6211847", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/181481", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6211847", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-02-01 20:59
Modified
2025-04-20 01:37
Severity ?
Summary
IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0.0 | |
| ibm | security_access_manager | 9.0.0.1 | |
| ibm | security_access_manager | 9.0.1.0 | |
| ibm | security_access_manager_for_mobile | 8.0.0.0 | |
| ibm | security_access_manager_for_mobile | 8.0.0.1 | |
| ibm | security_access_manager_for_mobile | 8.0.0.2 | |
| ibm | security_access_manager_for_mobile | 8.0.0.3 | |
| ibm | security_access_manager_for_mobile | 8.0.0.5 | |
| ibm | security_access_manager_for_mobile | 8.0.1.0 | |
| ibm | security_access_manager_for_mobile | 8.0.1.2 | |
| ibm | security_access_manager_for_mobile | 8.0.1.3 | |
| ibm | security_access_manager_for_mobile | 8.0.1.4 | |
| ibm | security_access_manager_for_web | 8.0.0.0 | |
| ibm | security_access_manager_for_web | 8.0.0.1 | |
| ibm | security_access_manager_for_web | 8.0.0.2 | |
| ibm | security_access_manager_for_web | 8.0.0.3 | |
| ibm | security_access_manager_for_web | 8.0.0.5 | |
| ibm | security_access_manager_for_web | 8.0.1.0 | |
| ibm | security_access_manager_for_web | 8.0.1.2 | |
| ibm | security_access_manager_for_web | 8.0.1.3 | |
| ibm | security_access_manager_for_web | 8.0.1.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F49FA0E2-5FEB-4831-980E-CFBE7E44277A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A6B67748-2677-44E7-B43D-857EBCA926C2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2AEE420D-4686-4C58-B77A-2E509983F4C3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "44310E32-EA05-420B-8676-4E6EEAFB6631", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "8B93CED0-E8FA-4238-8963-46074D11A334", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "907BB0CF-D270-4493-8D61-9841E6C5FE45", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "E0801BD2-D95B-4703-9804-A555F9E7BA19", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "2EE90667-0C16-4E4B-98DC-A6AD7A073D64", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A523C406-D64C-4CE6-8CBE-34D4C060E0C1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F0D646B2-7308-43A0-AE76-873946FB024E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "4B1988E5-DFE6-4282-B9D3-6655297B481B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*", matchCriteriaId: "4BEF4063-73D7-416D-AD21-CDC1C0534677", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "397073E9-9696-4B4C-926D-668EA4A52E7B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "643E7B97-17AB-4209-804E-79E94F3D671F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4F807870-4976-43E1-89BE-F08DEEE109CD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "B2B3E49D-08E6-44CF-B034-D155247B5DB9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "D54372BE-6201-48AB-A720-F29E931E52B3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "39017599-E63F-4101-8D37-62D9B0CE6917", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "8BA1DA71-91C8-4989-98B9-E924ED7B272A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "3F884817-A712-4A89-B199-2E2483CD8363", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.4:*:*:*:*:*:*:*", matchCriteriaId: "52F627D1-6FB4-47A2-817D-F9EC914DAC51", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.", }, { lang: "es", value: "IBM Security Access Manager para Web es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario Web, alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza.", }, ], id: "CVE-2016-3018", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-02-01T20:59:00.487", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21995347", }, { source: "psirt@us.ibm.com", url: "http://www.securityfocus.com/bid/96380", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21995347", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/96380", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-25 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158574 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158574 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "75EE7D5C-5F66-4134-A779-2E5E843B5C1A", versionEndIncluding: "9.0.6", versionStartIncluding: "9.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.", }, { lang: "es", value: "IBM Security Access Manager versión 9.0.1 hasta 9.0.6, no prueba que la identidad de un usuario sea la correcta, lo que puede conllevar a la exposición de recursos o funcionalidades a actores no deseados. ID de IBM X-Force: 158574", }, ], id: "CVE-2019-4158", lastModified: "2024-11-21T04:43:15.520", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-25T16:15:10.807", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158574", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158574", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-12 13:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0.7.0 | |
| ibm | security_verify_access | 10.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.7.0:*:*:*:*:*:*:*", matchCriteriaId: "B3AD6025-8584-4F57-AC38-FC60064F2622", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "7548DF30-5F20-4A0E-97B2-D33BEE9D4785", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140.", }, { lang: "es", value: "IBM Security Access Manager versión 9.0.7 e IBM Security Verify Access versión 10.0.0, podrían permitir a un atacante obtener información confidencial usando ataques de canal lateral de sincronización que podrían ayudar en futuros ataques contra el sistema. IBM X-Force ID: 186140", }, ], id: "CVE-2020-4660", lastModified: "2024-11-21T05:33:03.760", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 5.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-12T13:15:12.383", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186140", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6346619", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6346619", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-27 19:15
Modified
2024-11-21 08:13
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: 261195.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/261195 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7158790 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/261195 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7158790 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "DF3C8827-4FA1-4579-87EE-6D78E83DE0A6", versionEndIncluding: "10.0.7.1", versionStartIncluding: "10.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: 261195.", }, { lang: "es", value: "IBM Security Access Manager Docker 10.0.0.0 a 10.0.7.1 podría revelar información confidencial a un usuario local para realizar controles de permisos inadecuados. ID de IBM X-Force: 261195.", }, ], id: "CVE-2023-38368", lastModified: "2024-11-21T08:13:25.713", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-27T19:15:11.460", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/261195", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158790", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/261195", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158790", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "psirt@us.ibm.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-25 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158572 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158572 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "75EE7D5C-5F66-4134-A779-2E5E843B5C1A", versionEndIncluding: "9.0.6", versionStartIncluding: "9.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572.", }, { lang: "es", value: "IBM Security Access Manager versión 9.0.1 hasta 9.0.6, utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información muy confidencial. ID de IBM X-Force: 158572.", }, ], id: "CVE-2019-4156", lastModified: "2024-11-21T04:43:15.290", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-25T16:15:10.680", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158572", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158572", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144726.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/106272 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/144726 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106272 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/144726 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E5FB684A-B33C-4FFC-B24B-BD70B8F189E1", versionEndIncluding: "9.0.5.0", versionStartIncluding: "9.0.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144726.", }, { lang: "es", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podría dar lugar a una revelación de credenciales en una sesión de confianza. IBM X-Force ID: 144726.", }, ], id: "CVE-2018-1653", lastModified: "2024-11-21T04:00:08.600", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-13T16:29:00.413", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106272", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/144726", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106272", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/144726", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-27 19:15
Modified
2024-11-21 08:13
Severity ?
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "DF3C8827-4FA1-4579-87EE-6D78E83DE0A6", versionEndIncluding: "10.0.7.1", versionStartIncluding: "10.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197.", }, { lang: "es", value: "IBM Security Access Manager Docker 10.0.0.0 a 10.0.7.1, en determinadas configuraciones, podría permitir a un usuario de la red instalar paquetes maliciosos. ID de IBM X-Force: 261197.", }, ], id: "CVE-2023-38370", lastModified: "2024-11-21T08:13:26.007", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-27T19:15:11.720", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/261197", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158790", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/261197", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158790", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-276", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-06 16:15
Modified
2024-11-21 04:44
Severity ?
Summary
IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/172131 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6342889 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/172131 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6342889 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "DDA2ADBD-59D8-4B0C-89AA-EFEC8D120848", versionEndExcluding: "9.0.7.0", versionStartIncluding: "9.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131.", }, { lang: "es", value: "IBM Security Access Manager Appliance versión 9.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión de confiable. IBM X-Force ID: 172131", }, ], id: "CVE-2019-4725", lastModified: "2024-11-21T04:44:03.537", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-06T16:15:12.357", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172131", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6342889", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172131", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6342889", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-11-25 03:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0.0 | |
| ibm | security_access_manager | 9.0.0.1 | |
| ibm | security_access_manager | 9.0.1.0 | |
| ibm | security_access_manager_for_mobile | 8.0.0.0 | |
| ibm | security_access_manager_for_mobile | 8.0.0.1 | |
| ibm | security_access_manager_for_mobile | 8.0.0.2 | |
| ibm | security_access_manager_for_mobile | 8.0.0.3 | |
| ibm | security_access_manager_for_mobile | 8.0.0.4 | |
| ibm | security_access_manager_for_mobile | 8.0.0.5 | |
| ibm | security_access_manager_for_mobile | 8.0.1 | |
| ibm | security_access_manager_for_mobile | 8.0.1.2 | |
| ibm | security_access_manager_for_mobile | 8.0.1.3 | |
| ibm | security_access_manager_for_mobile | 8.0.1.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F49FA0E2-5FEB-4831-980E-CFBE7E44277A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A6B67748-2677-44E7-B43D-857EBCA926C2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2AEE420D-4686-4C58-B77A-2E509983F4C3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "44310E32-EA05-420B-8676-4E6EEAFB6631", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "8B93CED0-E8FA-4238-8963-46074D11A334", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "907BB0CF-D270-4493-8D61-9841E6C5FE45", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "E0801BD2-D95B-4703-9804-A555F9E7BA19", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "525EF7EC-712E-4C84-A15C-B2A30BD11A01", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "2EE90667-0C16-4E4B-98DC-A6AD7A073D64", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1:*:*:*:*:*:*:*", matchCriteriaId: "AA8844A0-17D5-4EE9-85C4-518DACE7C9D0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F0D646B2-7308-43A0-AE76-873946FB024E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "4B1988E5-DFE6-4282-B9D3-6655297B481B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*", matchCriteriaId: "4BEF4063-73D7-416D-AD21-CDC1C0534677", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.", }, { lang: "es", value: "IBM Security Access Manager para Mobile 8.x en versiones anteriores a 8.0.1.4 IF3 y Security Access Manager 9.x en versiones anteriores a 9.0.1.0 IF5 no restringe adecuadamente intentos de inicio de sesión fallidos, lo que facilita a atacantes remotos obtener acceso a través de una aproximación de fuerza bruta.", }, ], id: "CVE-2016-3025", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-11-25T03:59:06.530", references: [ { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89240", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89258", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21991107", }, { source: "psirt@us.ibm.com", url: "http://www.securityfocus.com/bid/93178", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89240", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89258", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21991107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/93178", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-254", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-06 17:29
Modified
2024-11-21 03:21
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012309 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/104471 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128617 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012309 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104471 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128617 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * | |
| ibm | security_access_manager_for_web | * | |
| ibm | security_access_manager_for_mobile | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "F51B15B3-FE28-412E-97B5-4CF536074CD2", versionEndIncluding: "9.0.3.1", versionStartIncluding: "9.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*", matchCriteriaId: "D009088C-AD9E-4C49-944D-05E0714F327D", versionEndIncluding: "8.0.1.6", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*", matchCriteriaId: "AAA90E65-CDC9-416D-B0D8-8A0816DCA4BC", versionEndIncluding: "8.0.1.6", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.", }, { lang: "es", value: "IBM Security Access Manager Appliance desde la versión 8.0.0 hasta la 8.0.1.6 y desde la 9.0.0 hasta la 9.0.3.1 almacena información potencialmente sensible en archivos de registro que podrían ser leídos por un usuario remoto. IBM X-Force ID: 128617.", }, ], id: "CVE-2017-1480", lastModified: "2024-11-21T03:21:56.403", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-06T17:29:00.390", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012309", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104471", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128617", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012309", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104471", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128617", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-532", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148419.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/148419 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/148419 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E5FB684A-B33C-4FFC-B24B-BD70B8F189E1", versionEndIncluding: "9.0.5.0", versionStartIncluding: "9.0.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148419.", }, { lang: "es", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podría dar lugar a una revelación de credenciales en una sesión de confianza. IBM X-Force ID: 148419.", }, ], id: "CVE-2018-1740", lastModified: "2024-11-21T04:00:17.143", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-13T16:29:00.647", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148419", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148419", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-27 19:15
Modified
2024-11-21 08:01
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/254649 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7158790 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/254649 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7158790 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "DF3C8827-4FA1-4579-87EE-6D78E83DE0A6", versionEndIncluding: "10.0.7.1", versionStartIncluding: "10.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649.", }, { lang: "es", value: "IBM Security Access Manager Docker 10.0.0.0 a 10.0.7.1 podría permitir que un usuario local obtenga acceso raíz debido a controles de acceso inadecuados. ID de IBM X-Force: 254649.", }, ], id: "CVE-2023-30998", lastModified: "2024-11-21T08:01:12.820", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-27T19:15:11.187", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254649", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158790", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254649", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7158790", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-250", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-11-25 03:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0.0 | |
| ibm | security_access_manager | 9.0.0.1 | |
| ibm | security_access_manager | 9.0.1.0 | |
| ibm | security_access_manager_for_web | 7.0.0 | |
| ibm | security_access_manager_for_web | 8.0.0 | |
| ibm | security_access_manager_for_web | 8.0.0.2 | |
| ibm | security_access_manager_for_web | 8.0.0.4 | |
| ibm | security_access_manager_for_web | 8.0.0.5 | |
| ibm | security_access_manager_for_web | 8.0.1 | |
| ibm | security_access_manager_for_web | 8.0.1.2 | |
| ibm | security_access_manager_for_web | 8.0.1.3 | |
| ibm | security_access_manager_for_web | 8.0.1.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F49FA0E2-5FEB-4831-980E-CFBE7E44277A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A6B67748-2677-44E7-B43D-857EBCA926C2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2AEE420D-4686-4C58-B77A-2E509983F4C3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "58D7CF23-E40B-48FE-B1F2-BAD47500A98B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F6658BD1-B9F9-4C68-AC7B-66E0630ACD68", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4F807870-4976-43E1-89BE-F08DEEE109CD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E9F50A5E-111B-4CF6-A531-FE88E7735140", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "D54372BE-6201-48AB-A720-F29E931E52B3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5000C473-1151-4C1C-BCB8-C410D8BDA362", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "8BA1DA71-91C8-4989-98B9-E924ED7B272A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "3F884817-A712-4A89-B199-2E2483CD8363", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.4:*:*:*:*:*:*:*", matchCriteriaId: "52F627D1-6FB4-47A2-817D-F9EC914DAC51", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.", }, { lang: "es", value: "IBM Security Access Manager para Web 7.0 en versiones anteriores a IF2 y 8.0 en versiones anteriores a 8.0.1.4 IF3 y Security Access Manager 9.0 en versiones anteriores a 9.0.1.0 IF5 permiten a usuarios remotos autenticados ejecutar comandos arbitrarios aprovechando el acceso de administración LMI.", }, ], id: "CVE-2016-3028", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-11-25T03:59:07.627", references: [ { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21990317", }, { source: "psirt@us.ibm.com", url: "http://www.securityfocus.com/bid/93176", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21990317", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/93176", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-25 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158573 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158573 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "75EE7D5C-5F66-4134-A779-2E5E843B5C1A", versionEndIncluding: "9.0.6", versionStartIncluding: "9.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573.", }, { lang: "es", value: "IBM Security Access Manager versión 9.0.1 hasta 9.0.6, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la interfaz de usuario Web, y por lo tanto, alterar la funcionalidad deseada que podría conllevar a la divulgación de credenciales dentro de una sesión confiable. ID de IBM X-Force: 158573.", }, ], id: "CVE-2019-4157", lastModified: "2024-11-21T04:43:15.407", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-25T16:15:10.727", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158573", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158573", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-06 17:29
Modified
2024-11-21 03:21
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012329 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/104476 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128606 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012329 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104476 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128606 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * | |
| ibm | security_access_manager_for_mobile | * | |
| ibm | security_access_manager_for_web | * | |
| ibm | security_access_manager_for_web | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "F51B15B3-FE28-412E-97B5-4CF536074CD2", versionEndIncluding: "9.0.3.1", versionStartIncluding: "9.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*", matchCriteriaId: "AAA90E65-CDC9-416D-B0D8-8A0816DCA4BC", versionEndIncluding: "8.0.1.6", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*", matchCriteriaId: "A76B6ACA-0778-4513-9EE8-3AC0F4BEE571", versionEndIncluding: "7.0.0.32", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*", matchCriteriaId: "D009088C-AD9E-4C49-944D-05E0714F327D", versionEndIncluding: "8.0.1.6", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606.", }, { lang: "es", value: "IBM Security Access Manager Appliance 7.0.0, desde la versión 8.0.0 hasta la 8.0.1.6 y desde la 9.0.0 hasta la 9.0.3.1 revela información sensible a usuarios no autorizados. Esta información puede emplearse para ejecutar más ataques en el sistema. IBM X-Force ID: 128606.", }, ], id: "CVE-2017-1474", lastModified: "2024-11-21T03:21:55.790", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-06T17:29:00.263", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012329", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104476", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012329", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104476", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-28 19:15
Modified
2024-11-21 04:44
Severity ?
Summary
IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/172018 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1284034 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/172018 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1284034 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0.7.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.7.0:*:*:*:*:*:*:*", matchCriteriaId: "B3AD6025-8584-4F57-AC38-FC60064F2622", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018.", }, { lang: "es", value: "IBM Security Access Manager Appliance versión 9.0.7.0, es vulnerable a un ataque de tipo XML External Entity Injection (XXE) cuando se procesan datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. ID de IBM X-Force: 172018.", }, ], id: "CVE-2019-4707", lastModified: "2024-11-21T04:44:02.230", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-28T19:15:14.217", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172018", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1284034", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172018", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1284034", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-611", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-24 10:29
Modified
2024-11-21 04:00
Severity ?
10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/105145 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1041557 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/147370 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10719623 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105145 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041557 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/147370 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10719623 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0.4.0 | |
| ibm | security_access_manager | 9.0.5.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "65D7D18A-FF5C-40EF-B4CF-322315865BD6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:security_access_manager:9.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "D14395C8-DBF0-4354-B9D0-5FCE351B84A7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370.", }, { lang: "es", value: "IBM Security Access Manager Appliance 9.0.4.0 y 9.0.5.0 podría permitir la ejecución remota de código cuando se están ejecutando los servicios Advanced Access Control o Federation. IBM X-Force ID: 147370.", }, ], id: "CVE-2018-1722", lastModified: "2024-11-21T04:00:15.320", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-24T10:29:05.897", references: [ { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105145", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041557", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/147370", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10719623", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105145", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041557", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/147370", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10719623", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-25 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158512 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158512 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "75EE7D5C-5F66-4134-A779-2E5E843B5C1A", versionEndIncluding: "9.0.6", versionStartIncluding: "9.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512.", }, { lang: "es", value: "IBM Security Access Manager versión 9.0.1 hasta 9.0.6, utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información muy confidencial. ID de IBM X-Force: 158512.", }, ], id: "CVE-2019-4151", lastModified: "2024-11-21T04:43:14.673", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-25T16:15:10.510", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158512", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158512", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-326", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
CVE-2019-4135 (GCVE-0-2019-4135)
Vulnerability from cvelistv5
Published
2019-06-25 15:45
Modified
2024-09-16 21:02
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10888379 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158331 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Version: 9.0.1 Version: 9.0.3 Version: 9.0.4 Version: 9.0.2 Version: 9.0.5 Version: 9.0.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:26:28.144Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194135-priv-escalation (158331)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158331", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "9.0.5", }, { status: "affected", version: "9.0.6", }, ], }, ], datePublic: "2019-06-21T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/S:U/AV:N/C:H/I:H/AC:H/UI:N/PR:L/A:H/RL:O/E:U/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-25T15:45:29", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194135-priv-escalation (158331)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158331", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-06-21T00:00:00", ID: "CVE-2019-4135", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager", version: { version_data: [ { version_value: "9.0.1", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, { version_value: "9.0.2", }, { version_value: "9.0.5", }, { version_value: "9.0.6", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "H", I: "H", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", refsource: "CONFIRM", title: "IBM Security Bulletin 888379 (Security Access Manager)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194135-priv-escalation (158331)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158331", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4135", datePublished: "2019-06-25T15:45:29.833548Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T21:02:23.505Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-4157 (GCVE-0-2019-4157)
Vulnerability from cvelistv5
Published
2019-06-25 15:45
Modified
2024-09-16 17:17
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10888379 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158573 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Version: 9.0.1 Version: 9.0.3 Version: 9.0.4 Version: 9.0.2 Version: 9.0.5 Version: 9.0.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:33:36.857Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194157-xss (158573)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158573", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "9.0.5", }, { status: "affected", version: "9.0.6", }, ], }, ], datePublic: "2019-06-21T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 5.8, temporalSeverity: "MEDIUM", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/UI:R/PR:N/A:N/S:C/AV:N/C:L/I:L/RC:C/E:H/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-25T15:45:30", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194157-xss (158573)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158573", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-06-21T00:00:00", ID: "CVE-2019-4157", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager", version: { version_data: [ { version_value: "9.0.1", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, { version_value: "9.0.2", }, { version_value: "9.0.5", }, { version_value: "9.0.6", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "L", PR: "N", S: "C", UI: "R", }, TM: { E: "H", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-Site Scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", refsource: "CONFIRM", title: "IBM Security Bulletin 888379 (Security Access Manager)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194157-xss (158573)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158573", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4157", datePublished: "2019-06-25T15:45:30.150987Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T17:17:40.379Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-1480 (GCVE-0-2017-1480)
Vulnerability from cvelistv5
Published
2018-06-06 17:00
Modified
2024-09-16 23:30
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22012309 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/128617 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/104471 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Version: 9.0.0.1 Version: 8.0.0 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.1 Version: 8.0.1.2 Version: 8.0.1.3 Version: 8.0.1.4 Version: 9.0.0 Version: 9.0.1.0 Version: 9.0.2.0 Version: 8.0.1.5 Version: 9.0.2.1 Version: 9.0.3 Version: 9.0.3.1 Version: 8.0.1.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:32:30.276Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012309", }, { name: "ibm-sam-cve20171480-info-disc(128617)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128617", }, { name: "104471", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104471", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "8.0.0", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.1", }, { status: "affected", version: "8.0.1.2", }, { status: "affected", version: "8.0.1.3", }, { status: "affected", version: "8.0.1.4", }, { status: "affected", version: "9.0.0", }, { status: "affected", version: "9.0.1.0", }, { status: "affected", version: "9.0.2.0", }, { status: "affected", version: "8.0.1.5", }, { status: "affected", version: "9.0.2.1", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.3.1", }, { status: "affected", version: "8.0.1.6", }, ], }, ], datePublic: "2018-06-04T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.8, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-18T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012309", }, { name: "ibm-sam-cve20171480-info-disc(128617)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128617", }, { name: "104471", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104471", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-06-04T00:00:00", ID: "CVE-2017-1480", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "8.0.0", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.1", }, { version_value: "8.0.1.2", }, { version_value: "8.0.1.3", }, { version_value: "8.0.1.4", }, { version_value: "9.0.0", }, { version_value: "9.0.1.0", }, { version_value: "9.0.2.0", }, { version_value: "8.0.1.5", }, { version_value: "9.0.2.1", }, { version_value: "9.0.3", }, { version_value: "9.0.3.1", }, { version_value: "8.0.1.6", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg22012309", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22012309", }, { name: "ibm-sam-cve20171480-info-disc(128617)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128617", }, { name: "104471", refsource: "BID", url: "http://www.securityfocus.com/bid/104471", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1480", datePublished: "2018-06-06T17:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T23:30:56.832Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-4145 (GCVE-0-2019-4145)
Vulnerability from cvelistv5
Published
2019-06-25 15:45
Modified
2024-09-17 02:31
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10888379 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158400 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Version: 9.0.1 Version: 9.0.3 Version: 9.0.4 Version: 9.0.2 Version: 9.0.5 Version: 9.0.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:26:28.127Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194145-info-disc (158400)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158400", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "9.0.5", }, { status: "affected", version: "9.0.6", }, ], }, ], datePublic: "2019-06-21T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.7, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/I:H/S:U/AV:L/C:H/PR:N/A:N/AC:L/UI:N/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-25T15:45:29", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194145-info-disc (158400)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158400", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-06-21T00:00:00", ID: "CVE-2019-4145", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager", version: { version_data: [ { version_value: "9.0.1", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, { version_value: "9.0.2", }, { version_value: "9.0.5", }, { version_value: "9.0.6", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "L", C: "H", I: "H", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", refsource: "CONFIRM", title: "IBM Security Bulletin 888379 (Security Access Manager)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194145-info-disc (158400)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158400", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4145", datePublished: "2019-06-25T15:45:29.879307Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T02:31:05.131Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-4707 (GCVE-0-2019-4707)
Vulnerability from cvelistv5
Published
2020-01-28 18:30
Modified
2024-09-16 18:02
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/1284034 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/172018 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager Appliance |
Version: 9.0.7.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:40:49.047Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/1284034", }, { name: "ibm-sam-cve20194707-xxe (172018)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172018", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager Appliance", vendor: "IBM", versions: [ { status: "affected", version: "9.0.7.0", }, ], }, ], datePublic: "2020-01-27T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/I:N/AC:L/C:H/AV:N/PR:L/UI:N/S:U/A:L/RC:C/RL:O/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-28T18:30:57", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/1284034", }, { name: "ibm-sam-cve20194707-xxe (172018)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172018", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-01-27T00:00:00", ID: "CVE-2019-4707", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager Appliance", version: { version_data: [ { version_value: "9.0.7.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018.", }, ], }, impact: { cvssv3: { BM: { A: "L", AC: "L", AV: "N", C: "H", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/1284034", refsource: "CONFIRM", title: "IBM Security Bulletin 1284034 (Security Access Manager Appliance)", url: "https://www.ibm.com/support/pages/node/1284034", }, { name: "ibm-sam-cve20194707-xxe (172018)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172018", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4707", datePublished: "2020-01-28T18:30:57.548512Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T18:02:51.935Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-20439 (GCVE-0-2021-20439)
Vulnerability from cvelistv5
Published
2021-07-15 16:00
Modified
2024-09-16 20:06
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6471903 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/196453 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Security Verify Access Docker |
Version: 10.0.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:37:24.271Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6471903", }, { name: "ibm-sam-cve202120439-info-disc (196453)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/196453", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Verify Access Docker", vendor: "IBM", versions: [ { status: "affected", version: "10.0.0", }, ], }, { product: "Security Access Manager", vendor: "IBM", versions: [ { status: "affected", version: "9.0", }, ], }, ], datePublic: "2021-07-13T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/PR:N/AC:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-15T16:00:16", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6471903", }, { name: "ibm-sam-cve202120439-info-disc (196453)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/196453", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-07-13T00:00:00", ID: "CVE-2021-20439", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Verify Access Docker", version: { version_data: [ { version_value: "10.0.0", }, ], }, }, { product_name: "Security Access Manager", version: { version_data: [ { version_value: "9.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6471903", refsource: "CONFIRM", title: "IBM Security Bulletin 6471903 (Security Verify Access Docker)", url: "https://www.ibm.com/support/pages/node/6471903", }, { name: "ibm-sam-cve202120439-info-disc (196453)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/196453", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-20439", datePublished: "2021-07-15T16:00:16.215865Z", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-09-16T20:06:17.598Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-4156 (GCVE-0-2019-4156)
Vulnerability from cvelistv5
Published
2019-06-25 15:45
Modified
2024-09-16 19:20
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10888379 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158572 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Version: 9.0.1 Version: 9.0.3 Version: 9.0.4 Version: 9.0.2 Version: 9.0.5 Version: 9.0.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:33:36.889Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194156-info-disc (158572)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158572", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "9.0.5", }, { status: "affected", version: "9.0.6", }, ], }, ], datePublic: "2019-06-21T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:H/UI:N/A:N/PR:N/S:U/AV:N/C:H/I:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-25T15:45:30", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194156-info-disc (158572)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158572", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-06-21T00:00:00", ID: "CVE-2019-4156", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager", version: { version_data: [ { version_value: "9.0.1", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, { version_value: "9.0.2", }, { version_value: "9.0.5", }, { version_value: "9.0.6", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "N", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", refsource: "CONFIRM", title: "IBM Security Bulletin 888379 (Security Access Manager)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194156-info-disc (158572)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158572", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4156", datePublished: "2019-06-25T15:45:30.105632Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T19:20:32.434Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-3028 (GCVE-0-2016-3028)
Vulnerability from cvelistv5
Published
2016-11-25 03:38
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21990317 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/93176 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326 | vendor-advisory, x_refsource_AIXAPAR |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:40:15.159Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "IV89257", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21990317", }, { name: "93176", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93176", }, { name: "IV89322", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322", }, { name: "IV89326", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-09-21T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T19:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "IV89257", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21990317", }, { name: "93176", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93176", }, { name: "IV89322", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322", }, { name: "IV89326", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-3028", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "IV89257", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21990317", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21990317", }, { name: "93176", refsource: "BID", url: "http://www.securityfocus.com/bid/93176", }, { name: "IV89322", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322", }, { name: "IV89326", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-3028", datePublished: "2016-11-25T03:38:00", dateReserved: "2016-03-09T00:00:00", dateUpdated: "2024-08-05T23:40:15.159Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-38368 (GCVE-0-2023-38368)
Vulnerability from cvelistv5
Published
2024-06-27 18:25
Modified
2024-08-24 10:48
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: 261195.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager Docker |
Version: 10.0.0.0 ≤ 10.0.7.1 cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-38368", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-27T20:35:29.363503Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-27T20:35:35.900Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T17:39:12.875Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7158790", }, { tags: [ "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/261195", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Security Access Manager Docker", vendor: "IBM", versions: [ { lessThanOrEqual: "10.0.7.1", status: "affected", version: "10.0.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: 261195.", }, ], value: "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: 261195.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-24T10:48:57.321Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7158790", }, { url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/261195", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Security Access Manager Docker information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-38368", datePublished: "2024-06-27T18:25:39.896Z", dateReserved: "2023-07-16T00:53:28.840Z", dateUpdated: "2024-08-24T10:48:57.321Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-30997 (GCVE-0-2023-30997)
Vulnerability from cvelistv5
Published
2024-06-27 18:21
Modified
2024-08-24 10:45
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager Docker |
Version: 10.0.0.0 ≤ 10.0.7.1 cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-30997", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-27T20:35:52.373727Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-27T20:36:00.698Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T14:45:24.662Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7158790", }, { tags: [ "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254638", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Security Access Manager Docker", vendor: "IBM", versions: [ { lessThanOrEqual: "10.0.7.1", status: "affected", version: "10.0.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638.", }, ], value: "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-250", description: "CWE-250 Execution with Unnecessary Privileges", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-24T10:45:33.799Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7158790", }, { url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254638", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Security Access Manager Docker privilege escalation", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-30997", datePublished: "2024-06-27T18:21:12.373Z", dateReserved: "2023-04-21T17:50:04.654Z", dateUpdated: "2024-08-24T10:45:33.799Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-4461 (GCVE-0-2020-4461)
Vulnerability from cvelistv5
Published
2020-05-20 12:35
Modified
2024-09-16 22:26
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6211847 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/181481 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager Appliance |
Version: 9.0.7.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:07:48.826Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6211847", }, { name: "ibm-sam-cve20204461-sec-bypass (181481)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/181481", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager Appliance", vendor: "IBM", versions: [ { status: "affected", version: "9.0.7.1", }, ], }, ], datePublic: "2020-05-19T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.7, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/C:N/AV:N/UI:N/AC:L/PR:L/A:N/I:H/S:U/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Bypass Security", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-20T12:35:12", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6211847", }, { name: "ibm-sam-cve20204461-sec-bypass (181481)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/181481", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-05-19T00:00:00", ID: "CVE-2020-4461", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager Appliance", version: { version_data: [ { version_value: "9.0.7.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "N", I: "H", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Bypass Security", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6211847", refsource: "CONFIRM", title: "IBM Security Bulletin 6211847 (Security Access Manager Appliance)", url: "https://www.ibm.com/support/pages/node/6211847", }, { name: "ibm-sam-cve20204461-sec-bypass (181481)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/181481", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4461", datePublished: "2020-05-20T12:35:12.314953Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T22:26:20.148Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1803 (GCVE-0-2018-1803)
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-09-16 20:41
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 149702.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ibm10787785 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/149702 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager Appliance |
Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.3.0 Version: 9.0.4.0 Version: 9.0.5.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:14:38.689Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { name: "ibm-sam-cve20181803-clickjacking(149702)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/149702", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager Appliance", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1.0", }, { status: "affected", version: "9.0.2.0", }, { status: "affected", version: "9.0.3.0", }, { status: "affected", version: "9.0.4.0", }, { status: "affected", version: "9.0.5.0", }, ], }, ], datePublic: "2018-12-11T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 149702.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "LOW", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 5.3, temporalSeverity: "MEDIUM", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:N/S:C/UI:R/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-13T15:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { name: "ibm-sam-cve20181803-clickjacking(149702)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/149702", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-12-11T00:00:00", ID: "CVE-2018-1803", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager Appliance", version: { version_data: [ { version_value: "9.0.1.0", }, { version_value: "9.0.2.0", }, { version_value: "9.0.3.0", }, { version_value: "9.0.4.0", }, { version_value: "9.0.5.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 149702.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "L", PR: "N", S: "C", UI: "R", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Access", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { name: "ibm-sam-cve20181803-clickjacking(149702)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/149702", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1803", datePublished: "2018-12-13T16:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T20:41:52.251Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1887 (GCVE-0-2018-1887)
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-09-17 01:26
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 152078.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/152078 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ibm10787785 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager Appliance |
Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.3.0 Version: 9.0.4.0 Version: 9.0.5.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:14:38.755Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-sam-cve20181887-info-disc(152078)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/152078", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager Appliance", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1.0", }, { status: "affected", version: "9.0.2.0", }, { status: "affected", version: "9.0.3.0", }, { status: "affected", version: "9.0.4.0", }, { status: "affected", version: "9.0.5.0", }, ], }, ], datePublic: "2018-12-11T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 152078.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/AC:H/AV:L/C:H/I:N/PR:N/S:C/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-13T15:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-sam-cve20181887-info-disc(152078)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/152078", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-12-11T00:00:00", ID: "CVE-2018-1887", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager Appliance", version: { version_data: [ { version_value: "9.0.1.0", }, { version_value: "9.0.2.0", }, { version_value: "9.0.3.0", }, { version_value: "9.0.4.0", }, { version_value: "9.0.5.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 152078.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "L", C: "H", I: "N", PR: "N", S: "C", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "ibm-sam-cve20181887-info-disc(152078)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/152078", }, { name: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1887", datePublished: "2018-12-13T16:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T01:26:54.643Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-4150 (GCVE-0-2019-4150)
Vulnerability from cvelistv5
Published
2019-06-25 15:45
Modified
2024-09-17 00:56
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10888379 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158510 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Version: 9.0.1 Version: 9.0.3 Version: 9.0.4 Version: 9.0.2 Version: 9.0.5 Version: 9.0.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:26:28.156Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194150-info-disc (158510)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158510", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "9.0.5", }, { status: "affected", version: "9.0.6", }, ], }, ], datePublic: "2019-06-21T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.2, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/C:L/AV:N/S:U/I:N/UI:N/AC:H/A:N/PR:N/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-25T15:45:29", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194150-info-disc (158510)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158510", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-06-21T00:00:00", ID: "CVE-2019-4150", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager", version: { version_data: [ { version_value: "9.0.1", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, { version_value: "9.0.2", }, { version_value: "9.0.5", }, { version_value: "9.0.6", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "N", C: "L", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", refsource: "CONFIRM", title: "IBM Security Bulletin 888379 (Security Access Manager)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194150-info-disc (158510)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158510", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4150", datePublished: "2019-06-25T15:45:29.935158Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T00:56:34.677Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-4699 (GCVE-0-2020-4699)
Vulnerability from cvelistv5
Published
2020-10-12 13:05
Modified
2024-09-16 20:16
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6346619 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/186947 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Security Access Manager |
Version: 9.0.7 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:14:57.822Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6346619", }, { name: "ibm-sam-cve20204699-info-disc (186947)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186947", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager", vendor: "IBM", versions: [ { status: "affected", version: "9.0.7", }, ], }, { product: "Security Verify Access", vendor: "IBM", versions: [ { status: "affected", version: "10.0.0", }, ], }, ], datePublic: "2020-10-08T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.6, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:H/I:N/C:H/S:U/UI:N/PR:N/A:N/AV:A/E:U/RL:O/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-12T13:05:35", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6346619", }, { name: "ibm-sam-cve20204699-info-disc (186947)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186947", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-10-08T00:00:00", ID: "CVE-2020-4699", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager", version: { version_data: [ { version_value: "9.0.7", }, ], }, }, { product_name: "Security Verify Access", version: { version_data: [ { version_value: "10.0.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "A", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6346619", refsource: "CONFIRM", title: "IBM Security Bulletin 6346619 (Security Verify Access)", url: "https://www.ibm.com/support/pages/node/6346619", }, { name: "ibm-sam-cve20204699-info-disc (186947)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186947", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4699", datePublished: "2020-10-12T13:05:35.713281Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T20:16:56.855Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1814 (GCVE-0-2018-1814)
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-09-17 04:20
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/150018 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ibm10787785 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager Appliance |
Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.3.0 Version: 9.0.4.0 Version: 9.0.5.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:14:38.414Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-sam-cve20181814-info-disc(150018)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150018", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager Appliance", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1.0", }, { status: "affected", version: "9.0.2.0", }, { status: "affected", version: "9.0.3.0", }, { status: "affected", version: "9.0.4.0", }, { status: "affected", version: "9.0.5.0", }, ], }, ], datePublic: "2018-12-11T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-13T15:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-sam-cve20181814-info-disc(150018)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150018", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-12-11T00:00:00", ID: "CVE-2018-1814", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager Appliance", version: { version_data: [ { version_value: "9.0.1.0", }, { version_value: "9.0.2.0", }, { version_value: "9.0.3.0", }, { version_value: "9.0.4.0", }, { version_value: "9.0.5.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "N", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "ibm-sam-cve20181814-info-disc(150018)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150018", }, { name: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1814", datePublished: "2018-12-13T16:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T04:20:32.813Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-4499 (GCVE-0-2020-4499)
Vulnerability from cvelistv5
Published
2020-10-15 12:40
Modified
2024-09-17 04:28
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6348046 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/182216 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Security Verify Access |
Version: 10.0.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:07:48.964Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6348046", }, { name: "ibm-sam-cve20204499-sec-bypass (182216)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/182216", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Verify Access", vendor: "IBM", versions: [ { status: "affected", version: "10.0.0", }, ], }, { product: "Security Access Manager", vendor: "IBM", versions: [ { status: "affected", version: "9.0.7", }, ], }, ], datePublic: "2020-10-14T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "LOW", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.4, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/I:L/UI:N/AC:L/PR:N/AV:N/C:L/S:U/A:L/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Bypass Security", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-15T12:40:21", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6348046", }, { name: "ibm-sam-cve20204499-sec-bypass (182216)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/182216", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-10-14T00:00:00", ID: "CVE-2020-4499", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Verify Access", version: { version_data: [ { version_value: "10.0.0", }, ], }, }, { product_name: "Security Access Manager", version: { version_data: [ { version_value: "9.0.7", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.", }, ], }, impact: { cvssv3: { BM: { A: "L", AC: "L", AV: "N", C: "L", I: "L", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Bypass Security", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6348046", refsource: "CONFIRM", title: "IBM Security Bulletin 6348046 (Security Access Manager)", url: "https://www.ibm.com/support/pages/node/6348046", }, { name: "ibm-sam-cve20204499-sec-bypass (182216)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/182216", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4499", datePublished: "2020-10-15T12:40:21.263570Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-17T04:28:43.932Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1804 (GCVE-0-2018-1804)
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-09-17 04:08
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/149703 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ibm10787785 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager Appliance |
Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.3.0 Version: 9.0.4.0 Version: 9.0.5.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:14:38.511Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-sam-cve20181804-info-disc(149703)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/149703", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager Appliance", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1.0", }, { status: "affected", version: "9.0.2.0", }, { status: "affected", version: "9.0.3.0", }, { status: "affected", version: "9.0.4.0", }, { status: "affected", version: "9.0.5.0", }, ], }, ], datePublic: "2018-12-11T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.2, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/AC:H/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-13T15:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-sam-cve20181804-info-disc(149703)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/149703", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-12-11T00:00:00", ID: "CVE-2018-1804", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager Appliance", version: { version_data: [ { version_value: "9.0.1.0", }, { version_value: "9.0.2.0", }, { version_value: "9.0.3.0", }, { version_value: "9.0.4.0", }, { version_value: "9.0.5.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "N", C: "L", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "ibm-sam-cve20181804-info-disc(149703)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/149703", }, { name: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1804", datePublished: "2018-12-13T16:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T04:08:52.255Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1740 (GCVE-0-2018-1740)
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-09-17 02:42
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148419.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ibm10787785 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/148419 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager Appliance |
Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.3.0 Version: 9.0.4.0 Version: 9.0.5.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:07:44.379Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { name: "ibm-sam-cve20181740-xss(148419)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148419", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager Appliance", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1.0", }, { status: "affected", version: "9.0.2.0", }, { status: "affected", version: "9.0.3.0", }, { status: "affected", version: "9.0.4.0", }, { status: "affected", version: "9.0.5.0", }, ], }, ], datePublic: "2018-12-11T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148419.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-13T15:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { name: "ibm-sam-cve20181740-xss(148419)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148419", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-12-11T00:00:00", ID: "CVE-2018-1740", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager Appliance", version: { version_data: [ { version_value: "9.0.1.0", }, { version_value: "9.0.2.0", }, { version_value: "9.0.3.0", }, { version_value: "9.0.4.0", }, { version_value: "9.0.5.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148419.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "L", PR: "L", S: "C", UI: "R", }, TM: { E: "H", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-Site Scripting", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { name: "ibm-sam-cve20181740-xss(148419)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148419", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1740", datePublished: "2018-12-13T16:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T02:42:36.171Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-3045 (GCVE-0-2016-3045)
Vulnerability from cvelistv5
Published
2017-02-01 20:00
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21995435 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95103 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Access Manager |
Version: 9.0 Version: 9.0.0.1 Version: 9.0.1 Version: 7.0.0 Version: 8.0.0 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.1 Version: 8.0.1.2 Version: 8.0.1.3 Version: 8.0.1.4 Version: 9.0.0 Version: 9.0.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:40:15.078Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21995435", }, { name: "95103", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/95103", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Access Manager", vendor: "IBM Corporation", versions: [ { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "8.0.0", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.1", }, { status: "affected", version: "8.0.1.2", }, { status: "affected", version: "8.0.1.3", }, { status: "affected", version: "8.0.1.4", }, { status: "affected", version: "9.0.0", }, { status: "affected", version: "9.0.1.0", }, ], }, ], datePublic: "2017-02-01T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-02T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21995435", }, { name: "95103", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/95103", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-3045", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Access Manager", version: { version_data: [ { version_value: "9.0", }, { version_value: "9.0.0.1", }, { version_value: "9.0.1", }, { version_value: "7.0.0", }, { version_value: "8.0.0", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.1", }, { version_value: "8.0.1.2", }, { version_value: "8.0.1.3", }, { version_value: "8.0.1.4", }, { version_value: "9.0.0", }, { version_value: "9.0.1.0", }, ], }, }, ], }, vendor_name: "IBM Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg21995435", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg21995435", }, { name: "95103", refsource: "BID", url: "http://www.securityfocus.com/bid/95103", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-3045", datePublished: "2017-02-01T20:00:00", dateReserved: "2016-03-09T00:00:00", dateUpdated: "2024-08-05T23:40:15.078Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1970 (GCVE-0-2018-1970)
Vulnerability from cvelistv5
Published
2019-02-04 21:00
Modified
2024-09-17 02:07
Severity ?
EPSS score ?
Summary
IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/153751 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ibm10796380 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Identity Manager |
Version: 7.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:14:39.489Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-sim-cve20181970-info-disc(153751)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/153751", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10796380", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Identity Manager", vendor: "IBM", versions: [ { status: "affected", version: "7.0.1", }, ], }, ], datePublic: "2019-01-30T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:L/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-02-04T20:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-sim-cve20181970-info-disc(153751)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/153751", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10796380", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-01-30T00:00:00", ID: "CVE-2018-1970", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Identity Manager", version: { version_data: [ { version_value: "7.0.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751.", }, ], }, impact: { cvssv3: { BM: { A: "L", AC: "L", AV: "N", C: "H", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "ibm-sim-cve20181970-info-disc(153751)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/153751", }, { name: "http://www.ibm.com/support/docview.wss?uid=ibm10796380", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ibm10796380", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1970", datePublished: "2019-02-04T21:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T02:07:00.624Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1886 (GCVE-0-2018-1886)
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-09-17 02:57
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 152021.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ibm10787785 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/152021 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager Appliance |
Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.3.0 Version: 9.0.4.0 Version: 9.0.5.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:14:38.533Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { name: "ibm-sam-cve20181886-info-disc(152021)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/152021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager Appliance", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1.0", }, { status: "affected", version: "9.0.2.0", }, { status: "affected", version: "9.0.3.0", }, { status: "affected", version: "9.0.4.0", }, { status: "affected", version: "9.0.5.0", }, ], }, ], datePublic: "2018-12-11T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 152021.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.6, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-13T15:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { name: "ibm-sam-cve20181886-info-disc(152021)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/152021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-12-11T00:00:00", ID: "CVE-2018-1886", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager Appliance", version: { version_data: [ { version_value: "9.0.1.0", }, { version_value: "9.0.2.0", }, { version_value: "9.0.3.0", }, { version_value: "9.0.4.0", }, { version_value: "9.0.5.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 152021.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { name: "ibm-sam-cve20181886-info-disc(152021)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/152021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1886", datePublished: "2018-12-13T16:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T02:57:54.868Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-4151 (GCVE-0-2019-4151)
Vulnerability from cvelistv5
Published
2019-06-25 15:45
Modified
2024-09-16 19:40
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10888379 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158512 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Version: 9.0.1 Version: 9.0.3 Version: 9.0.4 Version: 9.0.2 Version: 9.0.5 Version: 9.0.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:26:28.131Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194151-info-disc (158512)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158512", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "9.0.5", }, { status: "affected", version: "9.0.6", }, ], }, ], datePublic: "2019-06-21T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:H/UI:N/PR:N/A:N/S:U/C:H/AV:N/I:N/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-25T15:45:29", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194151-info-disc (158512)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158512", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-06-21T00:00:00", ID: "CVE-2019-4151", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager", version: { version_data: [ { version_value: "9.0.1", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, { version_value: "9.0.2", }, { version_value: "9.0.5", }, { version_value: "9.0.6", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "N", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", refsource: "CONFIRM", title: "IBM Security Bulletin 888379 (Security Access Manager)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194151-info-disc (158512)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158512", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4151", datePublished: "2019-06-25T15:45:29.976044Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T19:40:00.913Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1850 (GCVE-0-2018-1850)
Vulnerability from cvelistv5
Published
2018-10-22 13:00
Modified
2024-09-16 23:16
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/150998 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ibm10734555 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1042036 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager Appliance |
Version: 9.0.3.1 Version: 9.0.4.0 Version: 9.0.5.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:14:38.562Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-sam-cve20181850-auth-bypass(150998)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150998", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10734555", }, { name: "1042036", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1042036", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager Appliance", vendor: "IBM", versions: [ { status: "affected", version: "9.0.3.1", }, { status: "affected", version: "9.0.4.0", }, { status: "affected", version: "9.0.5.0", }, ], }, ], datePublic: "2018-10-17T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 7.7, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/AC:L/AV:N/C:H/I:H/PR:L/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Bypass Security", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-11-07T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-sam-cve20181850-auth-bypass(150998)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150998", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10734555", }, { name: "1042036", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1042036", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-10-17T00:00:00", ID: "CVE-2018-1850", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager Appliance", version: { version_data: [ { version_value: "9.0.3.1", }, { version_value: "9.0.4.0", }, { version_value: "9.0.5.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "N", C: "H", I: "H", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Bypass Security", }, ], }, ], }, references: { reference_data: [ { name: "ibm-sam-cve20181850-auth-bypass(150998)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150998", }, { name: "http://www.ibm.com/support/docview.wss?uid=ibm10734555", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ibm10734555", }, { name: "1042036", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1042036", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1850", datePublished: "2018-10-22T13:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T23:16:49.832Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-4153 (GCVE-0-2019-4153)
Vulnerability from cvelistv5
Published
2019-06-25 15:45
Modified
2024-09-17 00:50
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10888379 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158517 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Version: 9.0.1 Version: 9.0.3 Version: 9.0.4 Version: 9.0.2 Version: 9.0.5 Version: 9.0.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:33:36.514Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194153-open-redirect (158517)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158517", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "9.0.5", }, { status: "affected", version: "9.0.6", }, ], }, ], datePublic: "2019-06-21T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 5.9, temporalSeverity: "MEDIUM", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/S:C/AV:N/C:N/I:H/AC:L/UI:R/PR:L/A:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-25T15:45:30", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194153-open-redirect (158517)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158517", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-06-21T00:00:00", ID: "CVE-2019-4153", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager", version: { version_data: [ { version_value: "9.0.1", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, { version_value: "9.0.2", }, { version_value: "9.0.5", }, { version_value: "9.0.6", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "N", I: "H", PR: "L", S: "C", UI: "R", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Access", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", refsource: "CONFIRM", title: "IBM Security Bulletin 888379 (Security Access Manager)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194153-open-redirect (158517)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158517", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4153", datePublished: "2019-06-25T15:45:30.062003Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T00:50:37.050Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-4158 (GCVE-0-2019-4158)
Vulnerability from cvelistv5
Published
2019-06-25 15:45
Modified
2024-09-16 20:22
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10888379 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158574 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Version: 9.0.1 Version: 9.0.3 Version: 9.0.4 Version: 9.0.2 Version: 9.0.5 Version: 9.0.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:33:37.040Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194158-improper-auth (158574)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158574", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "9.0.5", }, { status: "affected", version: "9.0.6", }, ], }, ], datePublic: "2019-06-21T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "LOW", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.7, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/PR:L/A:N/AC:L/UI:N/I:L/S:U/AV:N/C:L/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-25T15:45:30", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194158-improper-auth (158574)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158574", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-06-21T00:00:00", ID: "CVE-2019-4158", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager", version: { version_data: [ { version_value: "9.0.1", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, { version_value: "9.0.2", }, { version_value: "9.0.5", }, { version_value: "9.0.6", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "L", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Access", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", refsource: "CONFIRM", title: "IBM Security Bulletin 888379 (Security Access Manager)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194158-improper-auth (158574)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158574", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4158", datePublished: "2019-06-25T15:45:30.194369Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T20:22:39.265Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1805 (GCVE-0-2018-1805)
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-09-16 19:36
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 149704.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/149704 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ibm10787785 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager Appliance |
Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.3.0 Version: 9.0.4.0 Version: 9.0.5.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:14:38.408Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-sam-cve20181805-info-disc(149704)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/149704", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager Appliance", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1.0", }, { status: "affected", version: "9.0.2.0", }, { status: "affected", version: "9.0.3.0", }, { status: "affected", version: "9.0.4.0", }, { status: "affected", version: "9.0.5.0", }, ], }, ], datePublic: "2018-12-11T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 149704.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.8, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-13T15:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-sam-cve20181805-info-disc(149704)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/149704", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-12-11T00:00:00", ID: "CVE-2018-1805", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager Appliance", version: { version_data: [ { version_value: "9.0.1.0", }, { version_value: "9.0.2.0", }, { version_value: "9.0.3.0", }, { version_value: "9.0.4.0", }, { version_value: "9.0.5.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 149704.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "ibm-sam-cve20181805-info-disc(149704)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/149704", }, { name: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1805", datePublished: "2018-12-13T16:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T19:36:35.987Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1813 (GCVE-0-2018-1813)
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-09-16 23:51
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 150017.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ibm10787785 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/150017 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager Appliance |
Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.3.0 Version: 9.0.4.0 Version: 9.0.5.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:14:38.269Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { name: "ibm-sam-cve20181813-input-validation(150017)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150017", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager Appliance", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1.0", }, { status: "affected", version: "9.0.2.0", }, { status: "affected", version: "9.0.3.0", }, { status: "affected", version: "9.0.4.0", }, { status: "affected", version: "9.0.5.0", }, ], }, ], datePublic: "2018-12-11T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 150017.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "LOW", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.8, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/AC:L/AV:N/C:N/I:L/PR:L/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-13T15:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { name: "ibm-sam-cve20181813-input-validation(150017)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150017", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-12-11T00:00:00", ID: "CVE-2018-1813", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager Appliance", version: { version_data: [ { version_value: "9.0.1.0", }, { version_value: "9.0.2.0", }, { version_value: "9.0.3.0", }, { version_value: "9.0.4.0", }, { version_value: "9.0.5.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 150017.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "N", I: "L", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Access", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { name: "ibm-sam-cve20181813-input-validation(150017)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150017", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1813", datePublished: "2018-12-13T16:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T23:51:30.393Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-3025 (GCVE-0-2016-3025)
Vulnerability from cvelistv5
Published
2016-11-25 03:38
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV89258 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV89240 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securityfocus.com/bid/93178 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21991107 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:40:15.147Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "IV89258", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89258", }, { name: "IV89240", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89240", }, { name: "93178", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93178", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21991107", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-09-21T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T19:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "IV89258", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89258", }, { name: "IV89240", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89240", }, { name: "93178", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93178", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21991107", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-3025", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "IV89258", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89258", }, { name: "IV89240", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89240", }, { name: "93178", refsource: "BID", url: "http://www.securityfocus.com/bid/93178", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21991107", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21991107", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-3025", datePublished: "2016-11-25T03:38:00", dateReserved: "2016-03-09T00:00:00", dateUpdated: "2024-08-05T23:40:15.147Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-1478 (GCVE-0-2017-1478)
Vulnerability from cvelistv5
Published
2018-01-11 17:00
Modified
2024-09-17 00:56
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22012323 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/102502 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/128613 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1040172 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Version: 9.0.0.1 Version: 9.0.0 Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.2.1 Version: 9.0.3 Version: 9.0.3.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:32:29.676Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012323", }, { name: "102502", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/102502", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128613", }, { name: "1040172", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040172", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.0", }, { status: "affected", version: "9.0.1.0", }, { status: "affected", version: "9.0.2.0", }, { status: "affected", version: "9.0.2.1", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.3.1", }, ], }, ], datePublic: "2018-01-09T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613.", }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-16T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012323", }, { name: "102502", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/102502", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128613", }, { name: "1040172", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040172", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-01-09T00:00:00", ID: "CVE-2017-1478", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "9.0.0", }, { version_value: "9.0.1.0", }, { version_value: "9.0.2.0", }, { version_value: "9.0.2.1", }, { version_value: "9.0.3", }, { version_value: "9.0.3.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg22012323", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22012323", }, { name: "102502", refsource: "BID", url: "http://www.securityfocus.com/bid/102502", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128613", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128613", }, { name: "1040172", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040172", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1478", datePublished: "2018-01-11T17:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-17T00:56:40.475Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1443 (GCVE-0-2018-1443)
Vulnerability from cvelistv5
Published
2018-03-08 16:00
Modified
2024-09-16 19:01
Severity ?
EPSS score ?
Summary
An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040454 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1040455 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/139754 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=swg22014160 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/103365 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg22014161 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Security Access Manager |
Version: 9.0.0.1 Version: 9.0.0 Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.2.1 Version: 9.0.3 Version: 9.0.3.1 Version: 9.0.4 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.129Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1040454", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040454", }, { name: "1040455", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040455", }, { name: "ibm-sam-cve20181443-priv-escalation(139754)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139754", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22014160", }, { name: "103365", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/103365", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22014161", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.0", }, { status: "affected", version: "9.0.1.0", }, { status: "affected", version: "9.0.2.0", }, { status: "affected", version: "9.0.2.1", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.3.1", }, { status: "affected", version: "9.0.4", }, ], }, { product: "Tivoli Federated Identity Manager", vendor: "IBM", versions: [ { status: "affected", version: "6.2.1", }, { status: "affected", version: "6.2", }, { status: "affected", version: "6.2.2", }, ], }, ], datePublic: "2018-03-02T00:00:00", descriptions: [ { lang: "en", value: "An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/A:L/AC:L/AV:L/C:L/I:L/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-13T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "1040454", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040454", }, { name: "1040455", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040455", }, { name: "ibm-sam-cve20181443-priv-escalation(139754)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139754", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22014160", }, { name: "103365", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/103365", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22014161", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-03-02T00:00:00", ID: "CVE-2018-1443", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "9.0.0", }, { version_value: "9.0.1.0", }, { version_value: "9.0.2.0", }, { version_value: "9.0.2.1", }, { version_value: "9.0.3", }, { version_value: "9.0.3.1", }, { version_value: "9.0.4", }, ], }, }, { product_name: "Tivoli Federated Identity Manager", version: { version_data: [ { version_value: "6.2.1", }, { version_value: "6.2", }, { version_value: "6.2.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754.", }, ], }, impact: { cvssv3: { BM: { A: "L", AC: "L", AV: "L", C: "L", I: "L", PR: "N", S: "U", UI: "N", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "1040454", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040454", }, { name: "1040455", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040455", }, { name: "ibm-sam-cve20181443-priv-escalation(139754)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139754", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22014160", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22014160", }, { name: "103365", refsource: "BID", url: "http://www.securityfocus.com/bid/103365", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22014161", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22014161", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1443", datePublished: "2018-03-08T16:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T19:01:09.668Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-4725 (GCVE-0-2019-4725)
Vulnerability from cvelistv5
Published
2020-10-06 15:45
Modified
2024-09-17 02:11
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6342889 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/172131 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager Appliance |
Version: 9.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:40:49.192Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6342889", }, { name: "ibm-sam-cve20194725-xss (172131)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172131", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager Appliance", vendor: "IBM", versions: [ { status: "affected", version: "9.0", }, ], }, ], datePublic: "2020-10-05T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 5.8, temporalSeverity: "MEDIUM", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/AV:N/C:L/S:C/I:L/A:N/PR:N/UI:R/E:H/RL:O/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-06T15:45:15", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6342889", }, { name: "ibm-sam-cve20194725-xss (172131)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172131", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-10-05T00:00:00", ID: "CVE-2019-4725", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager Appliance", version: { version_data: [ { version_value: "9.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "L", PR: "N", S: "C", UI: "R", }, TM: { E: "H", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-Site Scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6342889", refsource: "CONFIRM", title: "IBM Security Bulletin 6342889 (Security Access Manager Appliance)", url: "https://www.ibm.com/support/pages/node/6342889", }, { name: "ibm-sam-cve20194725-xss (172131)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172131", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4725", datePublished: "2020-10-06T15:45:15.852404Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T02:11:53.549Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-35139 (GCVE-0-2024-35139)
Vulnerability from cvelistv5
Published
2024-06-28 15:42
Modified
2024-08-02 03:07
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7158790 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/292415 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Verify Access Docker |
Version: 10.0.0.0 ≤ 10.0.7.1 cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-35139", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-28T18:17:46.888436Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-28T18:17:52.832Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:07:46.739Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7158790", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/292415", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Security Verify Access Docker", vendor: "IBM", versions: [ { lessThanOrEqual: "10.0.7.1", status: "affected", version: "10.0.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415.", }, ], value: "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-276", description: "CWE-276 Incorrect Default Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-28T15:42:04.309Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7158790", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/292415", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Security Access Manager Docker information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-35139", datePublished: "2024-06-28T15:42:04.309Z", dateReserved: "2024-05-09T16:27:27.134Z", dateUpdated: "2024-08-02T03:07:46.739Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-4552 (GCVE-0-2019-4552)
Vulnerability from cvelistv5
Published
2020-10-15 12:40
Modified
2024-09-16 19:25
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6348046 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/165960 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Security Verify Access |
Version: 10.0.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:40:48.337Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6348046", }, { name: "ibm-sam-cve20194552-response-splitting (165960)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/165960", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Verify Access", vendor: "IBM", versions: [ { status: "affected", version: "10.0.0", }, ], }, { product: "Security Access Manager", vendor: "IBM", versions: [ { status: "affected", version: "9.0.7", }, ], }, ], datePublic: "2020-10-14T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "LOW", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 5.3, temporalSeverity: "MEDIUM", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/C:L/PR:N/A:N/S:C/I:L/UI:R/AC:L/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-15T12:40:20", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6348046", }, { name: "ibm-sam-cve20194552-response-splitting (165960)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/165960", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-10-14T00:00:00", ID: "CVE-2019-4552", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Verify Access", version: { version_data: [ { version_value: "10.0.0", }, ], }, }, { product_name: "Security Access Manager", version: { version_data: [ { version_value: "9.0.7", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "L", PR: "N", S: "C", UI: "R", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Access", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6348046", refsource: "CONFIRM", title: "IBM Security Bulletin 6348046 (Security Access Manager)", url: "https://www.ibm.com/support/pages/node/6348046", }, { name: "ibm-sam-cve20194552-response-splitting (165960)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/165960", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4552", datePublished: "2020-10-15T12:40:20.849636Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T19:25:59.758Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-1476 (GCVE-0-2017-1476)
Vulnerability from cvelistv5
Published
2018-06-06 17:00
Modified
2024-09-16 23:01
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22012310 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/128610 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/104501 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Version: 9.0.0.1 Version: 7.0.0 Version: 8.0.0 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.1 Version: 8.0.1.2 Version: 8.0.1.3 Version: 8.0.1.4 Version: 9.0.0 Version: 9.0.1.0 Version: 9.0.2.0 Version: 8.0.1.5 Version: 9.0.2.1 Version: 9.0.3 Version: 9.0.3.1 Version: 8.0.1.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:32:29.799Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012310", }, { name: "ibm-sam-cve20171476-info-disc(128610)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128610", }, { name: "104501", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104501", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "8.0.0", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.1", }, { status: "affected", version: "8.0.1.2", }, { status: "affected", version: "8.0.1.3", }, { status: "affected", version: "8.0.1.4", }, { status: "affected", version: "9.0.0", }, { status: "affected", version: "9.0.1.0", }, { status: "affected", version: "9.0.2.0", }, { status: "affected", version: "8.0.1.5", }, { status: "affected", version: "9.0.2.1", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.3.1", }, { status: "affected", version: "8.0.1.6", }, ], }, ], datePublic: "2018-06-04T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-20T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012310", }, { name: "ibm-sam-cve20171476-info-disc(128610)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128610", }, { name: "104501", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104501", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-06-04T00:00:00", ID: "CVE-2017-1476", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "7.0.0", }, { version_value: "8.0.0", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.1", }, { version_value: "8.0.1.2", }, { version_value: "8.0.1.3", }, { version_value: "8.0.1.4", }, { version_value: "9.0.0", }, { version_value: "9.0.1.0", }, { version_value: "9.0.2.0", }, { version_value: "8.0.1.5", }, { version_value: "9.0.2.1", }, { version_value: "9.0.3", }, { version_value: "9.0.3.1", }, { version_value: "8.0.1.6", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "N", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=swg22012310", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22012310", }, { name: "ibm-sam-cve20171476-info-disc(128610)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128610", }, { name: "104501", refsource: "BID", url: "http://www.securityfocus.com/bid/104501", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1476", datePublished: "2018-06-06T17:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T23:01:51.692Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-4660 (GCVE-0-2020-4660)
Vulnerability from cvelistv5
Published
2020-10-12 13:05
Modified
2024-09-16 22:08
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6346619 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/186140 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Security Access Manager |
Version: 9.0.7 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:07:49.107Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6346619", }, { name: "ibm-sam-cve20204660-info-disc (186140)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186140", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager", vendor: "IBM", versions: [ { status: "affected", version: "9.0.7", }, ], }, { product: "Security Verify Access", vendor: "IBM", versions: [ { status: "affected", version: "10.0.0", }, ], }, ], datePublic: "2020-10-08T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.6, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/A:N/PR:N/UI:N/S:U/C:H/I:N/AC:H/RC:C/RL:O/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-12T13:05:34", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6346619", }, { name: "ibm-sam-cve20204660-info-disc (186140)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186140", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-10-08T00:00:00", ID: "CVE-2020-4660", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager", version: { version_data: [ { version_value: "9.0.7", }, ], }, }, { product_name: "Security Verify Access", version: { version_data: [ { version_value: "10.0.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "A", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6346619", refsource: "CONFIRM", title: "IBM Security Bulletin 6346619 (Security Verify Access)", url: "https://www.ibm.com/support/pages/node/6346619", }, { name: "ibm-sam-cve20204660-info-disc (186140)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186140", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4660", datePublished: "2020-10-12T13:05:34.819706Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T22:08:58.203Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-3018 (GCVE-0-2016-3018)
Vulnerability from cvelistv5
Published
2017-02-01 20:00
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96380 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg21995347 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Access Manager |
Version: 9.0 Version: 9.0.0.1 Version: 9.0.1 Version: 7.0.0 Version: 8.0.0 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.1 Version: 8.0.1.2 Version: 8.0.1.3 Version: 8.0.1.4 Version: 9.0.0 Version: 9.0.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:40:14.451Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "96380", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96380", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21995347", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Access Manager", vendor: "IBM Corporation", versions: [ { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "8.0.0", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.1", }, { status: "affected", version: "8.0.1.2", }, { status: "affected", version: "8.0.1.3", }, { status: "affected", version: "8.0.1.4", }, { status: "affected", version: "9.0.0", }, { status: "affected", version: "9.0.1.0", }, ], }, ], datePublic: "2017-02-01T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-03-01T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "96380", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96380", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21995347", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-3018", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Access Manager", version: { version_data: [ { version_value: "9.0", }, { version_value: "9.0.0.1", }, { version_value: "9.0.1", }, { version_value: "7.0.0", }, { version_value: "8.0.0", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.1", }, { version_value: "8.0.1.2", }, { version_value: "8.0.1.3", }, { version_value: "8.0.1.4", }, { version_value: "9.0.0", }, { version_value: "9.0.1.0", }, ], }, }, ], }, vendor_name: "IBM Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-Site Scripting", }, ], }, ], }, references: { reference_data: [ { name: "96380", refsource: "BID", url: "http://www.securityfocus.com/bid/96380", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg21995347", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg21995347", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-3018", datePublished: "2017-02-01T20:00:00", dateReserved: "2016-03-09T00:00:00", dateUpdated: "2024-08-05T23:40:14.451Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-1474 (GCVE-0-2017-1474)
Vulnerability from cvelistv5
Published
2018-06-06 17:00
Modified
2024-09-17 01:06
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/128606 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=swg22012329 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104476 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Version: 9.0.0.1 Version: 7.0.0 Version: 8.0.0 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.1 Version: 8.0.1.2 Version: 8.0.1.3 Version: 8.0.1.4 Version: 9.0.0 Version: 9.0.1.0 Version: 9.0.2.0 Version: 8.0.1.5 Version: 9.0.2.1 Version: 9.0.3 Version: 9.0.3.1 Version: 8.0.1.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:32:29.829Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-sam-cve20171474-info-disc(128606)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012329", }, { name: "104476", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104476", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager", vendor: "IBM", versions: [ { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "8.0.0", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.1", }, { status: "affected", version: "8.0.1.2", }, { status: "affected", version: "8.0.1.3", }, { status: "affected", version: "8.0.1.4", }, { status: "affected", version: "9.0.0", }, { status: "affected", version: "9.0.1.0", }, { status: "affected", version: "9.0.2.0", }, { status: "affected", version: "8.0.1.5", }, { status: "affected", version: "9.0.2.1", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.3.1", }, { status: "affected", version: "8.0.1.6", }, ], }, ], datePublic: "2018-06-04T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.6, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-18T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-sam-cve20171474-info-disc(128606)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22012329", }, { name: "104476", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104476", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-06-04T00:00:00", ID: "CVE-2017-1474", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager", version: { version_data: [ { version_value: "9.0.0.1", }, { version_value: "7.0.0", }, { version_value: "8.0.0", }, { version_value: "8.0.0.1", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.1", }, { version_value: "8.0.1.2", }, { version_value: "8.0.1.3", }, { version_value: "8.0.1.4", }, { version_value: "9.0.0", }, { version_value: "9.0.1.0", }, { version_value: "9.0.2.0", }, { version_value: "8.0.1.5", }, { version_value: "9.0.2.1", }, { version_value: "9.0.3", }, { version_value: "9.0.3.1", }, { version_value: "8.0.1.6", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "ibm-sam-cve20171474-info-disc(128606)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22012329", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22012329", }, { name: "104476", refsource: "BID", url: "http://www.securityfocus.com/bid/104476", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1474", datePublished: "2018-06-06T17:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-17T01:06:25.459Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1815 (GCVE-0-2018-1815)
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-09-16 20:07
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 for Enterprise Single-Sign On is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150019.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ibm10787785 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/150019 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager Appliance |
Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.3.0 Version: 9.0.4.0 Version: 9.0.5.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:14:38.529Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { name: "ibm-sam-cve20181815-xss(150019)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150019", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager Appliance", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1.0", }, { status: "affected", version: "9.0.2.0", }, { status: "affected", version: "9.0.3.0", }, { status: "affected", version: "9.0.4.0", }, { status: "affected", version: "9.0.5.0", }, ], }, ], datePublic: "2018-12-11T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 for Enterprise Single-Sign On is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150019.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 5.8, temporalSeverity: "MEDIUM", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:N/S:C/UI:R/E:H/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-13T15:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { name: "ibm-sam-cve20181815-xss(150019)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150019", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-12-11T00:00:00", ID: "CVE-2018-1815", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager Appliance", version: { version_data: [ { version_value: "9.0.1.0", }, { version_value: "9.0.2.0", }, { version_value: "9.0.3.0", }, { version_value: "9.0.4.0", }, { version_value: "9.0.5.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 for Enterprise Single-Sign On is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150019.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "L", PR: "N", S: "C", UI: "R", }, TM: { E: "H", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-Site Scripting", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { name: "ibm-sam-cve20181815-xss(150019)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/150019", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1815", datePublished: "2018-12-13T16:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T20:07:08.600Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-38370 (GCVE-0-2023-38370)
Vulnerability from cvelistv5
Published
2024-06-27 18:27
Modified
2024-08-02 17:39
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager Docker |
Version: 10.0.0.0 ≤ 10.0.7.1 cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-38370", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-28T15:28:29.587751Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-28T15:28:59.080Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T17:39:13.358Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7158790", }, { tags: [ "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/261197", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Security Access Manager Docker", vendor: "IBM", versions: [ { lessThanOrEqual: "10.0.7.1", status: "affected", version: "10.0.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197.", }, ], value: "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-276", description: "CWE-276 Incorrect Default Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-27T18:27:20.082Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7158790", }, { url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/261197", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Security Access Manager Docker information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-38370", datePublished: "2024-06-27T18:27:20.082Z", dateReserved: "2023-07-16T00:53:28.840Z", dateUpdated: "2024-08-02T17:39:13.358Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-38371 (GCVE-0-2023-38371)
Vulnerability from cvelistv5
Published
2024-06-27 18:14
Modified
2024-08-02 17:39
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 261198.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager Docker |
Version: 10.0.0.0 ≤ 10.0.7.1 cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-38371", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-27T19:57:54.158615Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-27T19:57:59.767Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T17:39:12.960Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7158790", }, { tags: [ "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/261198", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Security Access Manager Docker", vendor: "IBM", versions: [ { lessThanOrEqual: "10.0.7.1", status: "affected", version: "10.0.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 261198.", }, ], value: "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 261198.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-327", description: "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-27T18:14:20.985Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7158790", }, { url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/261198", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Security Access Manager Docker information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-38371", datePublished: "2024-06-27T18:14:20.985Z", dateReserved: "2023-07-16T00:53:28.841Z", dateUpdated: "2024-08-02T17:39:12.960Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-35137 (GCVE-0-2024-35137)
Vulnerability from cvelistv5
Published
2024-06-28 15:33
Modified
2024-08-02 03:07
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7158790 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/292413 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Verify Access Docker |
Version: 10.0.0.0 ≤ 10.0.7.1 cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-35137", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-12T20:48:30.527671Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-12T20:48:37.133Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:07:46.790Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7158790", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/292413", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Security Verify Access Docker", vendor: "IBM", versions: [ { lessThanOrEqual: "10.0.7.1", status: "affected", version: "10.0.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413.", }, ], value: "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-258", description: "CWE-258 Empty Password in Configuration File", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-28T15:33:11.156Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7158790", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/292413", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Security Access Manager Docker information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-35137", datePublished: "2024-06-28T15:33:11.156Z", dateReserved: "2024-05-09T16:27:27.133Z", dateUpdated: "2024-08-02T03:07:46.790Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-4152 (GCVE-0-2019-4152)
Vulnerability from cvelistv5
Published
2019-06-25 15:45
Modified
2024-09-16 19:10
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10888379 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158515 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Version: 9.0.1 Version: 9.0.3 Version: 9.0.4 Version: 9.0.2 Version: 9.0.5 Version: 9.0.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:26:27.975Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194152-session-fixation (158515)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158515", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1", }, { status: "affected", version: "9.0.3", }, { status: "affected", version: "9.0.4", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "9.0.5", }, { status: "affected", version: "9.0.6", }, ], }, ], datePublic: "2019-06-21T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "LOW", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/UI:N/A:N/PR:N/S:U/AV:L/C:L/I:L/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-25T15:45:30", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194152-session-fixation (158515)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158515", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-06-21T00:00:00", ID: "CVE-2019-4152", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager", version: { version_data: [ { version_value: "9.0.1", }, { version_value: "9.0.3", }, { version_value: "9.0.4", }, { version_value: "9.0.2", }, { version_value: "9.0.5", }, { version_value: "9.0.6", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "L", C: "L", I: "L", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Access", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", refsource: "CONFIRM", title: "IBM Security Bulletin 888379 (Security Access Manager)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10888379", }, { name: "ibm-sam-cve20194152-session-fixation (158515)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158515", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4152", datePublished: "2019-06-25T15:45:30.018496Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T19:10:50.464Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-1489 (GCVE-0-2017-1489)
Vulnerability from cvelistv5
Published
2017-08-28 20:00
Modified
2024-09-16 23:31
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/128687 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/100592 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1039227 | vdb-entry, x_refsource_SECTRACK | |
| http://www.ibm.com/support/docview.wss?uid=swg22006959 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager for Web |
Version: 6.1 Version: 6.1.1 Version: 7.0 Version: 8.0 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.1 Version: 8.0.1 Version: 8.0.1.2 Version: 8.0.1.3 Version: 9.0 Version: 9.0.0.1 Version: 9.0.1 Version: 8.0.1.4 Version: 8.0.1.5 Version: 9.0.2 Version: 9.0.2.1 Version: 9.0.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:32:29.832Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687", }, { name: "100592", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/100592", }, { name: "1039227", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1039227", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22006959", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager for Web", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, { status: "affected", version: "6.1.1", }, { status: "affected", version: "7.0", }, { status: "affected", version: "8.0", }, { status: "affected", version: "8.0.0.2", }, { status: "affected", version: "8.0.0.3", }, { status: "affected", version: "8.0.0.4", }, { status: "affected", version: "8.0.0.5", }, { status: "affected", version: "8.0.0.1", }, { status: "affected", version: "8.0.1", }, { status: "affected", version: "8.0.1.2", }, { status: "affected", version: "8.0.1.3", }, { status: "affected", version: "9.0", }, { status: "affected", version: "9.0.0.1", }, { status: "affected", version: "9.0.1", }, { status: "affected", version: "8.0.1.4", }, { status: "affected", version: "8.0.1.5", }, { status: "affected", version: "9.0.2", }, { status: "affected", version: "9.0.2.1", }, { status: "affected", version: "9.0.3", }, ], }, ], datePublic: "2017-08-23T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.", }, ], problemTypes: [ { descriptions: [ { description: "Gain Access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-05T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687", }, { name: "100592", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/100592", }, { name: "1039227", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1039227", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg22006959", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2017-08-23T00:00:00", ID: "CVE-2017-1489", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager for Web", version: { version_data: [ { version_value: "6.1", }, { version_value: "6.1.1", }, { version_value: "7.0", }, { version_value: "8.0", }, { version_value: "8.0.0.2", }, { version_value: "8.0.0.3", }, { version_value: "8.0.0.4", }, { version_value: "8.0.0.5", }, { version_value: "8.0.0.1", }, { version_value: "8.0.1", }, { version_value: "8.0.1.2", }, { version_value: "8.0.1.3", }, { version_value: "9.0", }, { version_value: "9.0.0.1", }, { version_value: "9.0.1", }, { version_value: "8.0.1.4", }, { version_value: "8.0.1.5", }, { version_value: "9.0.2", }, { version_value: "9.0.2.1", }, { version_value: "9.0.3", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Access", }, ], }, ], }, references: { reference_data: [ { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687", }, { name: "100592", refsource: "BID", url: "http://www.securityfocus.com/bid/100592", }, { name: "1039227", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1039227", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg22006959", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg22006959", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1489", datePublished: "2017-08-28T20:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T23:31:41.216Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-4661 (GCVE-0-2020-4661)
Vulnerability from cvelistv5
Published
2020-10-12 13:05
Modified
2024-09-16 17:38
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6346619 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/186142 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Security Access Manager |
Version: 9.0.7 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:07:49.113Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6346619", }, { name: "ibm-sam-cve20204661-info-disc (186142)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186142", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager", vendor: "IBM", versions: [ { status: "affected", version: "9.0.7", }, ], }, { product: "Security Verify Access", vendor: "IBM", versions: [ { status: "affected", version: "10.0.0", }, ], }, ], datePublic: "2020-10-08T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.6, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:H/I:N/C:H/UI:N/S:U/PR:N/A:N/AV:A/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-12T13:05:35", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6346619", }, { name: "ibm-sam-cve20204661-info-disc (186142)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186142", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-10-08T00:00:00", ID: "CVE-2020-4661", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager", version: { version_data: [ { version_value: "9.0.7", }, ], }, }, { product_name: "Security Verify Access", version: { version_data: [ { version_value: "10.0.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "A", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6346619", refsource: "CONFIRM", title: "IBM Security Bulletin 6346619 (Security Verify Access)", url: "https://www.ibm.com/support/pages/node/6346619", }, { name: "ibm-sam-cve20204661-info-disc (186142)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186142", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4661", datePublished: "2020-10-12T13:05:35.256777Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T17:38:55.445Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-30998 (GCVE-0-2023-30998)
Vulnerability from cvelistv5
Published
2024-06-27 18:18
Modified
2024-08-24 10:46
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager Docker |
Version: 10.0.0.0 ≤ 10.0.7.1 cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-30998", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-27T20:36:19.951540Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-27T20:36:27.247Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T14:45:24.402Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7158790", }, { tags: [ "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254649", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Security Access Manager Docker", vendor: "IBM", versions: [ { lessThanOrEqual: "10.0.7.1", status: "affected", version: "10.0.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649.", }, ], value: "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-250", description: "CWE-250 Execution with Unnecessary Privileges", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-24T10:46:35.084Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7158790", }, { url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254649", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Security Access Manager Docker privilege escalation", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-30998", datePublished: "2024-06-27T18:18:22.101Z", dateReserved: "2023-04-21T17:50:04.655Z", dateUpdated: "2024-08-24T10:46:35.084Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1653 (GCVE-0-2018-1653)
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-09-17 01:21
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144726.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/144726 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ibm10787785 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/106272 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager Appliance |
Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.3.0 Version: 9.0.4.0 Version: 9.0.5.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:07:43.945Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-sam-cve20181653-xss(144726)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/144726", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { name: "106272", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106272", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager Appliance", vendor: "IBM", versions: [ { status: "affected", version: "9.0.1.0", }, { status: "affected", version: "9.0.2.0", }, { status: "affected", version: "9.0.3.0", }, { status: "affected", version: "9.0.4.0", }, { status: "affected", version: "9.0.5.0", }, ], }, ], datePublic: "2018-12-11T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144726.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-21T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-sam-cve20181653-xss(144726)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/144726", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { name: "106272", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106272", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-12-11T00:00:00", ID: "CVE-2018-1653", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager Appliance", version: { version_data: [ { version_value: "9.0.1.0", }, { version_value: "9.0.2.0", }, { version_value: "9.0.3.0", }, { version_value: "9.0.4.0", }, { version_value: "9.0.5.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144726.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "L", PR: "L", S: "C", UI: "R", }, TM: { E: "H", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-Site Scripting", }, ], }, ], }, references: { reference_data: [ { name: "ibm-sam-cve20181653-xss(144726)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/144726", }, { name: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ibm10787785", }, { name: "106272", refsource: "BID", url: "http://www.securityfocus.com/bid/106272", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1653", datePublished: "2018-12-13T16:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T01:21:32.639Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-1722 (GCVE-0-2018-1722)
Vulnerability from cvelistv5
Published
2018-08-24 11:00
Modified
2024-09-16 22:03
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10719623 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1041557 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/105145 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/147370 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager Appliance |
Version: 9.0.4.0 Version: 9.0.5.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:07:44.378Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10719623", }, { name: "1041557", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041557", }, { name: "105145", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105145", }, { name: "ibm-sam-cve20181722-code-exec(147370)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/147370", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Security Access Manager Appliance", vendor: "IBM", versions: [ { status: "affected", version: "9.0.4.0", }, { status: "affected", version: "9.0.5.0", }, ], }, ], datePublic: "2018-08-23T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 8.7, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/AC:L/AV:N/C:H/I:H/PR:N/S:C/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-08-28T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10719623", }, { name: "1041557", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041557", }, { name: "105145", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105145", }, { name: "ibm-sam-cve20181722-code-exec(147370)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/147370", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-08-23T00:00:00", ID: "CVE-2018-1722", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager Appliance", version: { version_data: [ { version_value: "9.0.4.0", }, { version_value: "9.0.5.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "N", C: "H", I: "H", PR: "N", S: "C", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Access", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10719623", refsource: "CONFIRM", url: "https://www.ibm.com/support/docview.wss?uid=ibm10719623", }, { name: "1041557", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041557", }, { name: "105145", refsource: "BID", url: "http://www.securityfocus.com/bid/105145", }, { name: "ibm-sam-cve20181722-code-exec(147370)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/147370", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1722", datePublished: "2018-08-24T11:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T22:03:37.968Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-4036 (GCVE-0-2019-4036)
Vulnerability from cvelistv5
Published
2019-10-25 16:30
Modified
2025-02-13 16:27
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/1072704 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/156159 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:26:27.962Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/1072704", }, { name: "ibm-sam-cve20194036-dos (156159)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156159", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Security Access Manager", vendor: "IBM", }, ], datePublic: "2019-09-09T00:00:00.000Z", descriptions: [ { lang: "en", value: "IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/S:U/C:N/UI:N/A:H/PR:N/AV:N/AC:L/I:N/RC:C/RL:O/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-05T03:01:03.000Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/1072704", }, { name: "ibm-sam-cve20194036-dos (156159)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156159", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-09-09T00:00:00", ID: "CVE-2019-4036", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Security Access Manager", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "N", C: "N", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/1072704", refsource: "CONFIRM", title: "IBM Security Bulletin 1072704 (Security Access Manager)", url: "https://www.ibm.com/support/pages/node/1072704", }, { name: "ibm-sam-cve20194036-dos (156159)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/156159", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4036", datePublished: "2019-10-25T16:30:34.688Z", dateReserved: "2019-01-03T00:00:00.000Z", dateUpdated: "2025-02-13T16:27:25.362Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }