Vulnerabilites related to ibm - security_access_manager
cve-2019-4151
Vulnerability from cvelistv5
Published
2019-06-25 15:45
Modified
2024-09-16 19:40
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10888379 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158512 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager |
Version: 9.0.1 Version: 9.0.3 Version: 9.0.4 Version: 9.0.2 Version: 9.0.5 Version: 9.0.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:28.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194151-info-disc (158512)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158512"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.4"
},
{
"status": "affected",
"version": "9.0.2"
},
{
"status": "affected",
"version": "9.0.5"
},
{
"status": "affected",
"version": "9.0.6"
}
]
}
],
"datePublic": "2019-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/UI:N/PR:N/A:N/S:U/C:H/AV:N/I:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-25T15:45:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194151-info-disc (158512)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158512"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-21T00:00:00",
"ID": "CVE-2019-4151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.4"
},
{
"version_value": "9.0.2"
},
{
"version_value": "9.0.5"
},
{
"version_value": "9.0.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10888379",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 888379 (Security Access Manager)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194151-info-disc (158512)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158512"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4151",
"datePublished": "2019-06-25T15:45:29.976044Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:40:00.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1814
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-09-17 04:20
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/150018 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ibm10787785 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager Appliance |
Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.3.0 Version: 9.0.4.0 Version: 9.0.5.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-sam-cve20181814-info-disc(150018)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150018"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager Appliance",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "9.0.3.0"
},
{
"status": "affected",
"version": "9.0.4.0"
},
{
"status": "affected",
"version": "9.0.5.0"
}
]
}
],
"datePublic": "2018-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-13T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-sam-cve20181814-info-disc(150018)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150018"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-11T00:00:00",
"ID": "CVE-2018-1814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager Appliance",
"version": {
"version_data": [
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "9.0.3.0"
},
{
"version_value": "9.0.4.0"
},
{
"version_value": "9.0.5.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sam-cve20181814-info-disc(150018)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150018"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1814",
"datePublished": "2018-12-13T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T04:20:32.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-4725
Vulnerability from cvelistv5
Published
2020-10-06 15:45
Modified
2024-09-17 02:11
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6342889 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/172131 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager Appliance |
Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:49.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6342889"
},
{
"name": "ibm-sam-cve20194725-xss (172131)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172131"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager Appliance",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2020-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/AV:N/C:L/S:C/I:L/A:N/PR:N/UI:R/E:H/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-06T15:45:15",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6342889"
},
{
"name": "ibm-sam-cve20194725-xss (172131)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172131"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-10-05T00:00:00",
"ID": "CVE-2019-4725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager Appliance",
"version": {
"version_data": [
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6342889",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6342889 (Security Access Manager Appliance)",
"url": "https://www.ibm.com/support/pages/node/6342889"
},
{
"name": "ibm-sam-cve20194725-xss (172131)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172131"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4725",
"datePublished": "2020-10-06T15:45:15.852404Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:11:53.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-35137
Vulnerability from cvelistv5
Published
2024-06-28 15:33
Modified
2024-08-02 03:07
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7158790 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/292413 | vdb-entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Verify Access Docker |
Version: 10.0.0.0 ≤ 10.0.7.1 cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:* |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T20:48:30.527671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T20:48:37.133Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292413"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access Docker",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.7.1",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413."
}
],
"value": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-258",
"description": "CWE-258 Empty Password in Configuration File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T15:33:11.156Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292413"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Access Manager Docker information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-35137",
"datePublished": "2024-06-28T15:33:11.156Z",
"dateReserved": "2024-05-09T16:27:27.133Z",
"dateUpdated": "2024-08-02T03:07:46.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1850
Vulnerability from cvelistv5
Published
2018-10-22 13:00
Modified
2024-09-16 23:16
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/150998 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ibm10734555 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1042036 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager Appliance |
Version: 9.0.3.1 Version: 9.0.4.0 Version: 9.0.5.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-sam-cve20181850-auth-bypass(150998)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150998"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10734555"
},
{
"name": "1042036",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager Appliance",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.3.1"
},
{
"status": "affected",
"version": "9.0.4.0"
},
{
"status": "affected",
"version": "9.0.5.0"
}
]
}
],
"datePublic": "2018-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AC:L/AV:N/C:H/I:H/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass Security",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-07T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-sam-cve20181850-auth-bypass(150998)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150998"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10734555"
},
{
"name": "1042036",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042036"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-10-17T00:00:00",
"ID": "CVE-2018-1850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager Appliance",
"version": {
"version_data": [
{
"version_value": "9.0.3.1"
},
{
"version_value": "9.0.4.0"
},
{
"version_value": "9.0.5.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "H",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sam-cve20181850-auth-bypass(150998)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150998"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10734555",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10734555"
},
{
"name": "1042036",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042036"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1850",
"datePublished": "2018-10-22T13:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T23:16:49.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4699
Vulnerability from cvelistv5
Published
2020-10-12 13:05
Modified
2024-09-16 20:16
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6346619 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/186947 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | IBM | Security Access Manager |
Version: 9.0.7 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:57.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6346619"
},
{
"name": "ibm-sam-cve20204699-info-disc (186947)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186947"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.7"
}
]
},
{
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.0.0"
}
]
}
],
"datePublic": "2020-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/I:N/C:H/S:U/UI:N/PR:N/A:N/AV:A/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-12T13:05:35",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6346619"
},
{
"name": "ibm-sam-cve20204699-info-disc (186947)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186947"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-10-08T00:00:00",
"ID": "CVE-2020-4699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.7"
}
]
}
},
{
"product_name": "Security Verify Access",
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "A",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6346619",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6346619 (Security Verify Access)",
"url": "https://www.ibm.com/support/pages/node/6346619"
},
{
"name": "ibm-sam-cve20204699-info-disc (186947)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186947"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4699",
"datePublished": "2020-10-12T13:05:35.713281Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T20:16:56.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-4135
Vulnerability from cvelistv5
Published
2019-06-25 15:45
Modified
2024-09-16 21:02
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10888379 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158331 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager |
Version: 9.0.1 Version: 9.0.3 Version: 9.0.4 Version: 9.0.2 Version: 9.0.5 Version: 9.0.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:28.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194135-priv-escalation (158331)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158331"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.4"
},
{
"status": "affected",
"version": "9.0.2"
},
{
"status": "affected",
"version": "9.0.5"
},
{
"status": "affected",
"version": "9.0.6"
}
]
}
],
"datePublic": "2019-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/S:U/AV:N/C:H/I:H/AC:H/UI:N/PR:L/A:H/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-25T15:45:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194135-priv-escalation (158331)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158331"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-21T00:00:00",
"ID": "CVE-2019-4135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.4"
},
{
"version_value": "9.0.2"
},
{
"version_value": "9.0.5"
},
{
"version_value": "9.0.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "N",
"C": "H",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10888379",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 888379 (Security Access Manager)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194135-priv-escalation (158331)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158331"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4135",
"datePublished": "2019-06-25T15:45:29.833548Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T21:02:23.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-35139
Vulnerability from cvelistv5
Published
2024-06-28 15:42
Modified
2024-08-02 03:07
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7158790 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/292415 | vdb-entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Verify Access Docker |
Version: 10.0.0.0 ≤ 10.0.7.1 cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:* |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T18:17:46.888436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T18:17:52.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292415"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access Docker",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.7.1",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415."
}
],
"value": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T15:42:04.309Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292415"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Access Manager Docker information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-35139",
"datePublished": "2024-06-28T15:42:04.309Z",
"dateReserved": "2024-05-09T16:27:27.134Z",
"dateUpdated": "2024-08-02T03:07:46.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3025
Vulnerability from cvelistv5
Published
2016-11-25 03:38
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV89258 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV89240 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securityfocus.com/bid/93178 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21991107 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:15.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IV89258",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89258"
},
{
"name": "IV89240",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89240"
},
{
"name": "93178",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93178"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "IV89258",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89258"
},
{
"name": "IV89240",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89240"
},
{
"name": "93178",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93178"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991107"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV89258",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89258"
},
{
"name": "IV89240",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89240"
},
{
"name": "93178",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93178"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991107",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991107"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-3025",
"datePublished": "2016-11-25T03:38:00",
"dateReserved": "2016-03-09T00:00:00",
"dateUpdated": "2024-08-05T23:40:15.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-4158
Vulnerability from cvelistv5
Published
2019-06-25 15:45
Modified
2024-09-16 20:22
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10888379 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158574 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager |
Version: 9.0.1 Version: 9.0.3 Version: 9.0.4 Version: 9.0.2 Version: 9.0.5 Version: 9.0.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:37.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194158-improper-auth (158574)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158574"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.4"
},
{
"status": "affected",
"version": "9.0.2"
},
{
"status": "affected",
"version": "9.0.5"
},
{
"status": "affected",
"version": "9.0.6"
}
]
}
],
"datePublic": "2019-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user\u0027s identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:L/A:N/AC:L/UI:N/I:L/S:U/AV:N/C:L/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-25T15:45:30",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194158-improper-auth (158574)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158574"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-21T00:00:00",
"ID": "CVE-2019-4158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.4"
},
{
"version_value": "9.0.2"
},
{
"version_value": "9.0.5"
},
{
"version_value": "9.0.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user\u0027s identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10888379",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 888379 (Security Access Manager)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194158-improper-auth (158574)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158574"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4158",
"datePublished": "2019-06-25T15:45:30.194369Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T20:22:39.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-4153
Vulnerability from cvelistv5
Published
2019-06-25 15:45
Modified
2024-09-17 00:50
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10888379 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158517 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager |
Version: 9.0.1 Version: 9.0.3 Version: 9.0.4 Version: 9.0.2 Version: 9.0.5 Version: 9.0.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:36.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194153-open-redirect (158517)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158517"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.4"
},
{
"status": "affected",
"version": "9.0.2"
},
{
"status": "affected",
"version": "9.0.5"
},
{
"status": "affected",
"version": "9.0.6"
}
]
}
],
"datePublic": "2019-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/S:C/AV:N/C:N/I:H/AC:L/UI:R/PR:L/A:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-25T15:45:30",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194153-open-redirect (158517)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158517"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-21T00:00:00",
"ID": "CVE-2019-4153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.4"
},
{
"version_value": "9.0.2"
},
{
"version_value": "9.0.5"
},
{
"version_value": "9.0.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "H",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10888379",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 888379 (Security Access Manager)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194153-open-redirect (158517)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158517"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4153",
"datePublished": "2019-06-25T15:45:30.062003Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:50:37.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1813
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-09-16 23:51
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 150017.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ibm10787785 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/150017 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager Appliance |
Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.3.0 Version: 9.0.4.0 Version: 9.0.5.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name": "ibm-sam-cve20181813-input-validation(150017)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager Appliance",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "9.0.3.0"
},
{
"status": "affected",
"version": "9.0.4.0"
},
{
"status": "affected",
"version": "9.0.5.0"
}
]
}
],
"datePublic": "2018-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 150017."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:N/I:L/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-13T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name": "ibm-sam-cve20181813-input-validation(150017)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-11T00:00:00",
"ID": "CVE-2018-1813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager Appliance",
"version": {
"version_data": [
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "9.0.3.0"
},
{
"version_value": "9.0.4.0"
},
{
"version_value": "9.0.5.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 150017."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name": "ibm-sam-cve20181813-input-validation(150017)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1813",
"datePublished": "2018-12-13T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T23:51:30.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1480
Vulnerability from cvelistv5
Published
2018-06-06 17:00
Modified
2024-09-16 23:30
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22012309 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/128617 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/104471 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager |
Version: 9.0.0.1 Version: 8.0.0 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.1 Version: 8.0.1.2 Version: 8.0.1.3 Version: 8.0.1.4 Version: 9.0.0 Version: 9.0.1.0 Version: 9.0.2.0 Version: 8.0.1.5 Version: 9.0.2.1 Version: 9.0.3 Version: 9.0.3.1 Version: 8.0.1.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:30.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012309"
},
{
"name": "ibm-sam-cve20171480-info-disc(128617)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128617"
},
{
"name": "104471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104471"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "9.0.2.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.3.1"
},
{
"status": "affected",
"version": "8.0.1.6"
}
]
}
],
"datePublic": "2018-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-18T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012309"
},
{
"name": "ibm-sam-cve20171480-info-disc(128617)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128617"
},
{
"name": "104471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104471"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-06-04T00:00:00",
"ID": "CVE-2017-1480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.3.1"
},
{
"version_value": "8.0.1.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012309",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012309"
},
{
"name": "ibm-sam-cve20171480-info-disc(128617)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128617"
},
{
"name": "104471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104471"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1480",
"datePublished": "2018-06-06T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T23:30:56.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1740
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-09-17 02:42
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148419.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ibm10787785 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/148419 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager Appliance |
Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.3.0 Version: 9.0.4.0 Version: 9.0.5.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name": "ibm-sam-cve20181740-xss(148419)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148419"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager Appliance",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "9.0.3.0"
},
{
"status": "affected",
"version": "9.0.4.0"
},
{
"status": "affected",
"version": "9.0.5.0"
}
]
}
],
"datePublic": "2018-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148419."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-13T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name": "ibm-sam-cve20181740-xss(148419)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148419"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-11T00:00:00",
"ID": "CVE-2018-1740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager Appliance",
"version": {
"version_data": [
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "9.0.3.0"
},
{
"version_value": "9.0.4.0"
},
{
"version_value": "9.0.5.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148419."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name": "ibm-sam-cve20181740-xss(148419)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148419"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1740",
"datePublished": "2018-12-13T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T02:42:36.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-4552
Vulnerability from cvelistv5
Published
2020-10-15 12:40
Modified
2024-09-16 19:25
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6348046 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/165960 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | IBM | Security Verify Access |
Version: 10.0.0 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:48.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6348046"
},
{
"name": "ibm-sam-cve20194552-response-splitting (165960)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165960"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.0.0"
}
]
},
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.7"
}
]
}
],
"datePublic": "2020-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/C:L/PR:N/A:N/S:C/I:L/UI:R/AC:L/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-15T12:40:20",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6348046"
},
{
"name": "ibm-sam-cve20194552-response-splitting (165960)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165960"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-10-14T00:00:00",
"ID": "CVE-2019-4552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Verify Access",
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
}
},
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6348046",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6348046 (Security Access Manager)",
"url": "https://www.ibm.com/support/pages/node/6348046"
},
{
"name": "ibm-sam-cve20194552-response-splitting (165960)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165960"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4552",
"datePublished": "2020-10-15T12:40:20.849636Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:25:59.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-4152
Vulnerability from cvelistv5
Published
2019-06-25 15:45
Modified
2024-09-16 19:10
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10888379 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158515 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager |
Version: 9.0.1 Version: 9.0.3 Version: 9.0.4 Version: 9.0.2 Version: 9.0.5 Version: 9.0.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194152-session-fixation (158515)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158515"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.4"
},
{
"status": "affected",
"version": "9.0.2"
},
{
"status": "affected",
"version": "9.0.5"
},
{
"status": "affected",
"version": "9.0.6"
}
]
}
],
"datePublic": "2019-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/UI:N/A:N/PR:N/S:U/AV:L/C:L/I:L/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-25T15:45:30",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194152-session-fixation (158515)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158515"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-21T00:00:00",
"ID": "CVE-2019-4152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.4"
},
{
"version_value": "9.0.2"
},
{
"version_value": "9.0.5"
},
{
"version_value": "9.0.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "L",
"I": "L",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10888379",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 888379 (Security Access Manager)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194152-session-fixation (158515)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158515"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4152",
"datePublished": "2019-06-25T15:45:30.018496Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:10:50.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-4156
Vulnerability from cvelistv5
Published
2019-06-25 15:45
Modified
2024-09-16 19:20
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10888379 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158572 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager |
Version: 9.0.1 Version: 9.0.3 Version: 9.0.4 Version: 9.0.2 Version: 9.0.5 Version: 9.0.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:36.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194156-info-disc (158572)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158572"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.4"
},
{
"status": "affected",
"version": "9.0.2"
},
{
"status": "affected",
"version": "9.0.5"
},
{
"status": "affected",
"version": "9.0.6"
}
]
}
],
"datePublic": "2019-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/UI:N/A:N/PR:N/S:U/AV:N/C:H/I:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-25T15:45:30",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194156-info-disc (158572)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158572"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-21T00:00:00",
"ID": "CVE-2019-4156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.4"
},
{
"version_value": "9.0.2"
},
{
"version_value": "9.0.5"
},
{
"version_value": "9.0.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10888379",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 888379 (Security Access Manager)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194156-info-disc (158572)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158572"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4156",
"datePublished": "2019-06-25T15:45:30.105632Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:20:32.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3018
Vulnerability from cvelistv5
Published
2017-02-01 20:00
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96380 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg21995347 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM Corporation | Access Manager |
Version: 9.0 Version: 9.0.0.1 Version: 9.0.1 Version: 7.0.0 Version: 8.0.0 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.1 Version: 8.0.1.2 Version: 8.0.1.3 Version: 8.0.1.4 Version: 9.0.0 Version: 9.0.1.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:14.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96380",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96380"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995347"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-01T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "96380",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96380"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995347"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.1"
},
{
"version_value": "7.0.0"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96380",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96380"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21995347",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995347"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-3018",
"datePublished": "2017-02-01T20:00:00",
"dateReserved": "2016-03-09T00:00:00",
"dateUpdated": "2024-08-05T23:40:14.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1476
Vulnerability from cvelistv5
Published
2018-06-06 17:00
Modified
2024-09-16 23:01
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22012310 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/128610 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/104501 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager |
Version: 9.0.0.1 Version: 7.0.0 Version: 8.0.0 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.1 Version: 8.0.1.2 Version: 8.0.1.3 Version: 8.0.1.4 Version: 9.0.0 Version: 9.0.1.0 Version: 9.0.2.0 Version: 8.0.1.5 Version: 9.0.2.1 Version: 9.0.3 Version: 9.0.3.1 Version: 8.0.1.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012310"
},
{
"name": "ibm-sam-cve20171476-info-disc(128610)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128610"
},
{
"name": "104501",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104501"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "9.0.2.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.3.1"
},
{
"status": "affected",
"version": "8.0.1.6"
}
]
}
],
"datePublic": "2018-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012310"
},
{
"name": "ibm-sam-cve20171476-info-disc(128610)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128610"
},
{
"name": "104501",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104501"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-06-04T00:00:00",
"ID": "CVE-2017-1476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "7.0.0"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.3.1"
},
{
"version_value": "8.0.1.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012310",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012310"
},
{
"name": "ibm-sam-cve20171476-info-disc(128610)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128610"
},
{
"name": "104501",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104501"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1476",
"datePublished": "2018-06-06T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T23:01:51.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1815
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-09-16 20:07
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 for Enterprise Single-Sign On is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150019.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ibm10787785 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/150019 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager Appliance |
Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.3.0 Version: 9.0.4.0 Version: 9.0.5.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name": "ibm-sam-cve20181815-xss(150019)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager Appliance",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "9.0.3.0"
},
{
"status": "affected",
"version": "9.0.4.0"
},
{
"status": "affected",
"version": "9.0.5.0"
}
]
}
],
"datePublic": "2018-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 for Enterprise Single-Sign On is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150019."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:N/S:C/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-13T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name": "ibm-sam-cve20181815-xss(150019)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-11T00:00:00",
"ID": "CVE-2018-1815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager Appliance",
"version": {
"version_data": [
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "9.0.3.0"
},
{
"version_value": "9.0.4.0"
},
{
"version_value": "9.0.5.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 for Enterprise Single-Sign On is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150019."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name": "ibm-sam-cve20181815-xss(150019)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1815",
"datePublished": "2018-12-13T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T20:07:08.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1805
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-09-16 19:36
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 149704.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/149704 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ibm10787785 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager Appliance |
Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.3.0 Version: 9.0.4.0 Version: 9.0.5.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-sam-cve20181805-info-disc(149704)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149704"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager Appliance",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "9.0.3.0"
},
{
"status": "affected",
"version": "9.0.4.0"
},
{
"status": "affected",
"version": "9.0.5.0"
}
]
}
],
"datePublic": "2018-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 149704."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-13T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-sam-cve20181805-info-disc(149704)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149704"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-11T00:00:00",
"ID": "CVE-2018-1805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager Appliance",
"version": {
"version_data": [
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "9.0.3.0"
},
{
"version_value": "9.0.4.0"
},
{
"version_value": "9.0.5.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 149704."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sam-cve20181805-info-disc(149704)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149704"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1805",
"datePublished": "2018-12-13T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T19:36:35.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4499
Vulnerability from cvelistv5
Published
2020-10-15 12:40
Modified
2024-09-17 04:28
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6348046 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/182216 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | IBM | Security Verify Access |
Version: 10.0.0 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:48.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6348046"
},
{
"name": "ibm-sam-cve20204499-sec-bypass (182216)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182216"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.0.0"
}
]
},
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.7"
}
]
}
],
"datePublic": "2020-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:L/UI:N/AC:L/PR:N/AV:N/C:L/S:U/A:L/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass Security",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-15T12:40:21",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6348046"
},
{
"name": "ibm-sam-cve20204499-sec-bypass (182216)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182216"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-10-14T00:00:00",
"ID": "CVE-2020-4499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Verify Access",
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
}
},
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6348046",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6348046 (Security Access Manager)",
"url": "https://www.ibm.com/support/pages/node/6348046"
},
{
"name": "ibm-sam-cve20204499-sec-bypass (182216)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182216"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4499",
"datePublished": "2020-10-15T12:40:21.263570Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T04:28:43.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1489
Vulnerability from cvelistv5
Published
2017-08-28 20:00
Modified
2024-09-16 23:31
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/128687 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/100592 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1039227 | vdb-entry, x_refsource_SECTRACK | |
| http://www.ibm.com/support/docview.wss?uid=swg22006959 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager for Web |
Version: 6.1 Version: 6.1.1 Version: 7.0 Version: 8.0 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.0.1 Version: 8.0.1 Version: 8.0.1.2 Version: 8.0.1.3 Version: 9.0 Version: 9.0.0.1 Version: 9.0.1 Version: 8.0.1.4 Version: 8.0.1.5 Version: 9.0.2 Version: 9.0.2.1 Version: 9.0.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
},
{
"name": "100592",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100592"
},
{
"name": "1039227",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039227"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager for Web",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "9.0.2"
},
{
"status": "affected",
"version": "9.0.2.1"
},
{
"status": "affected",
"version": "9.0.3"
}
]
}
],
"datePublic": "2017-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-05T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
},
{
"name": "100592",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100592"
},
{
"name": "1039227",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039227"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-23T00:00:00",
"ID": "CVE-2017-1489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager for Web",
"version": {
"version_data": [
{
"version_value": "6.1"
},
{
"version_value": "6.1.1"
},
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.1"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "9.0.2"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
},
{
"name": "100592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100592"
},
{
"name": "1039227",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039227"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006959",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1489",
"datePublished": "2017-08-28T20:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T23:31:41.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1478
Vulnerability from cvelistv5
Published
2018-01-11 17:00
Modified
2024-09-17 00:56
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22012323 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/102502 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/128613 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1040172 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager |
Version: 9.0.0.1 Version: 9.0.0 Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.2.1 Version: 9.0.3 Version: 9.0.3.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012323"
},
{
"name": "102502",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102502"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128613"
},
{
"name": "1040172",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "9.0.2.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.3.1"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-16T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012323"
},
{
"name": "102502",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102502"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128613"
},
{
"name": "1040172",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040172"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2017-1478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.3.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012323",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012323"
},
{
"name": "102502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102502"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128613",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128613"
},
{
"name": "1040172",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040172"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1478",
"datePublished": "2018-01-11T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T00:56:40.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1722
Vulnerability from cvelistv5
Published
2018-08-24 11:00
Modified
2024-09-16 22:03
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10719623 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1041557 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/105145 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/147370 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager Appliance |
Version: 9.0.4.0 Version: 9.0.5.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10719623"
},
{
"name": "1041557",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041557"
},
{
"name": "105145",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105145"
},
{
"name": "ibm-sam-cve20181722-code-exec(147370)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147370"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager Appliance",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.4.0"
},
{
"status": "affected",
"version": "9.0.5.0"
}
]
}
],
"datePublic": "2018-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 8.7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AC:L/AV:N/C:H/I:H/PR:N/S:C/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-28T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10719623"
},
{
"name": "1041557",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041557"
},
{
"name": "105145",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105145"
},
{
"name": "ibm-sam-cve20181722-code-exec(147370)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147370"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-08-23T00:00:00",
"ID": "CVE-2018-1722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager Appliance",
"version": {
"version_data": [
{
"version_value": "9.0.4.0"
},
{
"version_value": "9.0.5.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "H",
"I": "H",
"PR": "N",
"S": "C",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10719623",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10719623"
},
{
"name": "1041557",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041557"
},
{
"name": "105145",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105145"
},
{
"name": "ibm-sam-cve20181722-code-exec(147370)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147370"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1722",
"datePublished": "2018-08-24T11:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T22:03:37.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38368
Vulnerability from cvelistv5
Published
2024-06-27 18:25
Modified
2024-08-24 10:48
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: 261195.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager Docker |
Version: 10.0.0.0 ≤ 10.0.7.1 cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:* |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T20:35:29.363503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T20:35:35.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:12.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"tags": [
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261195"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Access Manager Docker",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.7.1",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: 261195."
}
],
"value": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: 261195."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-24T10:48:57.321Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261195"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Access Manager Docker information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-38368",
"datePublished": "2024-06-27T18:25:39.896Z",
"dateReserved": "2023-07-16T00:53:28.840Z",
"dateUpdated": "2024-08-24T10:48:57.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-4157
Vulnerability from cvelistv5
Published
2019-06-25 15:45
Modified
2024-09-16 17:17
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10888379 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158573 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager |
Version: 9.0.1 Version: 9.0.3 Version: 9.0.4 Version: 9.0.2 Version: 9.0.5 Version: 9.0.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:36.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194157-xss (158573)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158573"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.4"
},
{
"status": "affected",
"version": "9.0.2"
},
{
"status": "affected",
"version": "9.0.5"
},
{
"status": "affected",
"version": "9.0.6"
}
]
}
],
"datePublic": "2019-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/UI:R/PR:N/A:N/S:C/AV:N/C:L/I:L/RC:C/E:H/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-25T15:45:30",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194157-xss (158573)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158573"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-21T00:00:00",
"ID": "CVE-2019-4157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.4"
},
{
"version_value": "9.0.2"
},
{
"version_value": "9.0.5"
},
{
"version_value": "9.0.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10888379",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 888379 (Security Access Manager)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194157-xss (158573)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158573"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4157",
"datePublished": "2019-06-25T15:45:30.150987Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T17:17:40.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1653
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-09-17 01:21
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144726.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/144726 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ibm10787785 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/106272 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager Appliance |
Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.3.0 Version: 9.0.4.0 Version: 9.0.5.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:43.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-sam-cve20181653-xss(144726)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144726"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name": "106272",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106272"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager Appliance",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "9.0.3.0"
},
{
"status": "affected",
"version": "9.0.4.0"
},
{
"status": "affected",
"version": "9.0.5.0"
}
]
}
],
"datePublic": "2018-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144726."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-21T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-sam-cve20181653-xss(144726)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144726"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name": "106272",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106272"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-11T00:00:00",
"ID": "CVE-2018-1653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager Appliance",
"version": {
"version_data": [
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "9.0.3.0"
},
{
"version_value": "9.0.4.0"
},
{
"version_value": "9.0.5.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144726."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sam-cve20181653-xss(144726)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144726"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name": "106272",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106272"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1653",
"datePublished": "2018-12-13T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T01:21:32.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4661
Vulnerability from cvelistv5
Published
2020-10-12 13:05
Modified
2024-09-16 17:38
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6346619 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/186142 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | IBM | Security Access Manager |
Version: 9.0.7 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:49.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6346619"
},
{
"name": "ibm-sam-cve20204661-info-disc (186142)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186142"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.7"
}
]
},
{
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.0.0"
}
]
}
],
"datePublic": "2020-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/I:N/C:H/UI:N/S:U/PR:N/A:N/AV:A/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-12T13:05:35",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6346619"
},
{
"name": "ibm-sam-cve20204661-info-disc (186142)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186142"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-10-08T00:00:00",
"ID": "CVE-2020-4661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.7"
}
]
}
},
{
"product_name": "Security Verify Access",
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "A",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6346619",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6346619 (Security Verify Access)",
"url": "https://www.ibm.com/support/pages/node/6346619"
},
{
"name": "ibm-sam-cve20204661-info-disc (186142)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186142"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4661",
"datePublished": "2020-10-12T13:05:35.256777Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T17:38:55.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1803
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-09-16 20:41
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 149702.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ibm10787785 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/149702 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager Appliance |
Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.3.0 Version: 9.0.4.0 Version: 9.0.5.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name": "ibm-sam-cve20181803-clickjacking(149702)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149702"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager Appliance",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "9.0.3.0"
},
{
"status": "affected",
"version": "9.0.4.0"
},
{
"status": "affected",
"version": "9.0.5.0"
}
]
}
],
"datePublic": "2018-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 149702."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:N/S:C/UI:R/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-13T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name": "ibm-sam-cve20181803-clickjacking(149702)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149702"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-11T00:00:00",
"ID": "CVE-2018-1803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager Appliance",
"version": {
"version_data": [
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "9.0.3.0"
},
{
"version_value": "9.0.4.0"
},
{
"version_value": "9.0.5.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 149702."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name": "ibm-sam-cve20181803-clickjacking(149702)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149702"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1803",
"datePublished": "2018-12-13T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T20:41:52.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38371
Vulnerability from cvelistv5
Published
2024-06-27 18:14
Modified
2024-08-02 17:39
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 261198.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager Docker |
Version: 10.0.0.0 ≤ 10.0.7.1 cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:* |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T19:57:54.158615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T19:57:59.767Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:12.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"tags": [
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261198"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Access Manager Docker",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.7.1",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 261198."
}
],
"value": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 261198."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T18:14:20.985Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261198"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Access Manager Docker information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-38371",
"datePublished": "2024-06-27T18:14:20.985Z",
"dateReserved": "2023-07-16T00:53:28.841Z",
"dateUpdated": "2024-08-02T17:39:12.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-4150
Vulnerability from cvelistv5
Published
2019-06-25 15:45
Modified
2024-09-17 00:56
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10888379 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158510 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager |
Version: 9.0.1 Version: 9.0.3 Version: 9.0.4 Version: 9.0.2 Version: 9.0.5 Version: 9.0.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:28.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194150-info-disc (158510)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158510"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.4"
},
{
"status": "affected",
"version": "9.0.2"
},
{
"status": "affected",
"version": "9.0.5"
},
{
"status": "affected",
"version": "9.0.6"
}
]
}
],
"datePublic": "2019-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.2,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:L/AV:N/S:U/I:N/UI:N/AC:H/A:N/PR:N/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-25T15:45:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194150-info-disc (158510)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158510"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-21T00:00:00",
"ID": "CVE-2019-4150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.4"
},
{
"version_value": "9.0.2"
},
{
"version_value": "9.0.5"
},
{
"version_value": "9.0.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10888379",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 888379 (Security Access Manager)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194150-info-disc (158510)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158510"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4150",
"datePublished": "2019-06-25T15:45:29.935158Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:56:34.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3028
Vulnerability from cvelistv5
Published
2016-11-25 03:38
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21990317 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/93176 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:15.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IV89257",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990317"
},
{
"name": "93176",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93176"
},
{
"name": "IV89322",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322"
},
{
"name": "IV89326",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "IV89257",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990317"
},
{
"name": "93176",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93176"
},
{
"name": "IV89322",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322"
},
{
"name": "IV89326",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV89257",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21990317",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990317"
},
{
"name": "93176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93176"
},
{
"name": "IV89322",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322"
},
{
"name": "IV89326",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-3028",
"datePublished": "2016-11-25T03:38:00",
"dateReserved": "2016-03-09T00:00:00",
"dateUpdated": "2024-08-05T23:40:15.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3045
Vulnerability from cvelistv5
Published
2017-02-01 20:00
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21995435 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95103 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM Corporation | Access Manager |
Version: 9.0 Version: 9.0.0.1 Version: 9.0.1 Version: 7.0.0 Version: 8.0.0 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.1 Version: 8.0.1.2 Version: 8.0.1.3 Version: 8.0.1.4 Version: 9.0.0 Version: 9.0.1.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:15.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995435"
},
{
"name": "95103",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95103"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995435"
},
{
"name": "95103",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95103"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.1"
},
{
"version_value": "7.0.0"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21995435",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995435"
},
{
"name": "95103",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95103"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-3045",
"datePublished": "2017-02-01T20:00:00",
"dateReserved": "2016-03-09T00:00:00",
"dateUpdated": "2024-08-05T23:40:15.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-4707
Vulnerability from cvelistv5
Published
2020-01-28 18:30
Modified
2024-09-16 18:02
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/1284034 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/172018 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager Appliance |
Version: 9.0.7.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:49.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1284034"
},
{
"name": "ibm-sam-cve20194707-xxe (172018)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager Appliance",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.7.0"
}
]
}
],
"datePublic": "2020-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:N/AC:L/C:H/AV:N/PR:L/UI:N/S:U/A:L/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T18:30:57",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1284034"
},
{
"name": "ibm-sam-cve20194707-xxe (172018)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-01-27T00:00:00",
"ID": "CVE-2019-4707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager Appliance",
"version": {
"version_data": [
{
"version_value": "9.0.7.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1284034",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1284034 (Security Access Manager Appliance)",
"url": "https://www.ibm.com/support/pages/node/1284034"
},
{
"name": "ibm-sam-cve20194707-xxe (172018)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4707",
"datePublished": "2020-01-28T18:30:57.548512Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T18:02:51.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4461
Vulnerability from cvelistv5
Published
2020-05-20 12:35
Modified
2024-09-16 22:26
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6211847 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/181481 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager Appliance |
Version: 9.0.7.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:48.826Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6211847"
},
{
"name": "ibm-sam-cve20204461-sec-bypass (181481)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181481"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager Appliance",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.7.1"
}
]
}
],
"datePublic": "2020-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:N/AV:N/UI:N/AC:L/PR:L/A:N/I:H/S:U/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass Security",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-20T12:35:12",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6211847"
},
{
"name": "ibm-sam-cve20204461-sec-bypass (181481)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181481"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-05-19T00:00:00",
"ID": "CVE-2020-4461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager Appliance",
"version": {
"version_data": [
{
"version_value": "9.0.7.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6211847",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6211847 (Security Access Manager Appliance)",
"url": "https://www.ibm.com/support/pages/node/6211847"
},
{
"name": "ibm-sam-cve20204461-sec-bypass (181481)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181481"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4461",
"datePublished": "2020-05-20T12:35:12.314953Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T22:26:20.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-4036
Vulnerability from cvelistv5
Published
2019-10-25 16:30
Modified
2024-09-17 01:41
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/1072704 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/156159 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager | |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1072704"
},
{
"name": "ibm-sam-cve20194036-dos (156159)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156159"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Security Access Manager",
"vendor": "IBM"
}
],
"datePublic": "2019-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/S:U/C:N/UI:N/A:H/PR:N/AV:N/AC:L/I:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-25T16:30:34",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1072704"
},
{
"name": "ibm-sam-cve20194036-dos (156159)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156159"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-09-09T00:00:00",
"ID": "CVE-2019-4036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1072704",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1072704 (Security Access Manager)",
"url": "https://www.ibm.com/support/pages/node/1072704"
},
{
"name": "ibm-sam-cve20194036-dos (156159)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156159"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4036",
"datePublished": "2019-10-25T16:30:34.688880Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T01:41:17.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20439
Vulnerability from cvelistv5
Published
2021-07-15 16:00
Modified
2024-09-16 20:06
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6471903 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/196453 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | IBM | Security Verify Access Docker |
Version: 10.0.0 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:24.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6471903"
},
{
"name": "ibm-sam-cve202120439-info-disc (196453)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Verify Access Docker",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.0.0"
}
]
},
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2021-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/PR:N/AC:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-15T16:00:16",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6471903"
},
{
"name": "ibm-sam-cve202120439-info-disc (196453)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196453"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-07-13T00:00:00",
"ID": "CVE-2021-20439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Verify Access Docker",
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
}
},
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6471903",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6471903 (Security Verify Access Docker)",
"url": "https://www.ibm.com/support/pages/node/6471903"
},
{
"name": "ibm-sam-cve202120439-info-disc (196453)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196453"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-20439",
"datePublished": "2021-07-15T16:00:16.215865Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-16T20:06:17.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1474
Vulnerability from cvelistv5
Published
2018-06-06 17:00
Modified
2024-09-17 01:06
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/128606 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=swg22012329 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104476 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager |
Version: 9.0.0.1 Version: 7.0.0 Version: 8.0.0 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.1 Version: 8.0.1.2 Version: 8.0.1.3 Version: 8.0.1.4 Version: 9.0.0 Version: 9.0.1.0 Version: 9.0.2.0 Version: 8.0.1.5 Version: 9.0.2.1 Version: 9.0.3 Version: 9.0.3.1 Version: 8.0.1.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-sam-cve20171474-info-disc(128606)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012329"
},
{
"name": "104476",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104476"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "9.0.2.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.3.1"
},
{
"status": "affected",
"version": "8.0.1.6"
}
]
}
],
"datePublic": "2018-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-18T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-sam-cve20171474-info-disc(128606)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012329"
},
{
"name": "104476",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104476"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-06-04T00:00:00",
"ID": "CVE-2017-1474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "7.0.0"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.3.1"
},
{
"version_value": "8.0.1.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sam-cve20171474-info-disc(128606)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012329",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012329"
},
{
"name": "104476",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104476"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1474",
"datePublished": "2018-06-06T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T01:06:25.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38370
Vulnerability from cvelistv5
Published
2024-06-27 18:27
Modified
2024-08-02 17:39
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager Docker |
Version: 10.0.0.0 ≤ 10.0.7.1 cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:* |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38370",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T15:28:29.587751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T15:28:59.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"tags": [
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261197"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Access Manager Docker",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.7.1",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197."
}
],
"value": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T18:27:20.082Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261197"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Access Manager Docker information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-38370",
"datePublished": "2024-06-27T18:27:20.082Z",
"dateReserved": "2023-07-16T00:53:28.840Z",
"dateUpdated": "2024-08-02T17:39:13.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1970
Vulnerability from cvelistv5
Published
2019-02-04 21:00
Modified
2024-09-17 02:07
Severity ?
EPSS score ?
Summary
IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/153751 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ibm10796380 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Identity Manager |
Version: 7.0.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-sim-cve20181970-info-disc(153751)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153751"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10796380"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.1"
}
]
}
],
"datePublic": "2019-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-04T20:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-sim-cve20181970-info-disc(153751)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153751"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10796380"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-01-30T00:00:00",
"ID": "CVE-2018-1970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "7.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sim-cve20181970-info-disc(153751)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153751"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10796380",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10796380"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1970",
"datePublished": "2019-02-04T21:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T02:07:00.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1887
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-09-17 01:26
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 152078.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/152078 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ibm10787785 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager Appliance |
Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.3.0 Version: 9.0.4.0 Version: 9.0.5.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-sam-cve20181887-info-disc(152078)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152078"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager Appliance",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "9.0.3.0"
},
{
"status": "affected",
"version": "9.0.4.0"
},
{
"status": "affected",
"version": "9.0.5.0"
}
]
}
],
"datePublic": "2018-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 152078."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/AV:L/C:H/I:N/PR:N/S:C/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-13T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-sam-cve20181887-info-disc(152078)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152078"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-11T00:00:00",
"ID": "CVE-2018-1887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager Appliance",
"version": {
"version_data": [
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "9.0.3.0"
},
{
"version_value": "9.0.4.0"
},
{
"version_value": "9.0.5.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 152078."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "L",
"C": "H",
"I": "N",
"PR": "N",
"S": "C",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sam-cve20181887-info-disc(152078)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152078"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1887",
"datePublished": "2018-12-13T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T01:26:54.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-30998
Vulnerability from cvelistv5
Published
2024-06-27 18:18
Modified
2024-08-24 10:46
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager Docker |
Version: 10.0.0.0 ≤ 10.0.7.1 cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:* |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30998",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T20:36:19.951540Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T20:36:27.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"tags": [
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254649"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Access Manager Docker",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.7.1",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649."
}
],
"value": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-24T10:46:35.084Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254649"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Access Manager Docker privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-30998",
"datePublished": "2024-06-27T18:18:22.101Z",
"dateReserved": "2023-04-21T17:50:04.655Z",
"dateUpdated": "2024-08-24T10:46:35.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1804
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-09-17 04:08
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/149703 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ibm10787785 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager Appliance |
Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.3.0 Version: 9.0.4.0 Version: 9.0.5.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-sam-cve20181804-info-disc(149703)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149703"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager Appliance",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "9.0.3.0"
},
{
"status": "affected",
"version": "9.0.4.0"
},
{
"status": "affected",
"version": "9.0.5.0"
}
]
}
],
"datePublic": "2018-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.2,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-13T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-sam-cve20181804-info-disc(149703)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149703"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-11T00:00:00",
"ID": "CVE-2018-1804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager Appliance",
"version": {
"version_data": [
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "9.0.3.0"
},
{
"version_value": "9.0.4.0"
},
{
"version_value": "9.0.5.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sam-cve20181804-info-disc(149703)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149703"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1804",
"datePublished": "2018-12-13T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T04:08:52.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4660
Vulnerability from cvelistv5
Published
2020-10-12 13:05
Modified
2024-09-16 22:08
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6346619 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/186140 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | IBM | Security Access Manager |
Version: 9.0.7 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:49.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6346619"
},
{
"name": "ibm-sam-cve20204660-info-disc (186140)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.7"
}
]
},
{
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.0.0"
}
]
}
],
"datePublic": "2020-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/A:N/PR:N/UI:N/S:U/C:H/I:N/AC:H/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-12T13:05:34",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6346619"
},
{
"name": "ibm-sam-cve20204660-info-disc (186140)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-10-08T00:00:00",
"ID": "CVE-2020-4660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.7"
}
]
}
},
{
"product_name": "Security Verify Access",
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "A",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6346619",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6346619 (Security Verify Access)",
"url": "https://www.ibm.com/support/pages/node/6346619"
},
{
"name": "ibm-sam-cve20204660-info-disc (186140)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4660",
"datePublished": "2020-10-12T13:05:34.819706Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T22:08:58.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-30997
Vulnerability from cvelistv5
Published
2024-06-27 18:21
Modified
2024-08-24 10:45
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager Docker |
Version: 10.0.0.0 ≤ 10.0.7.1 cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:* |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30997",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T20:35:52.373727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T20:36:00.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"tags": [
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254638"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.7.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Access Manager Docker",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.7.1",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638."
}
],
"value": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-24T10:45:33.799Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254638"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Access Manager Docker privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-30997",
"datePublished": "2024-06-27T18:21:12.373Z",
"dateReserved": "2023-04-21T17:50:04.654Z",
"dateUpdated": "2024-08-24T10:45:33.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1443
Vulnerability from cvelistv5
Published
2018-03-08 16:00
Modified
2024-09-16 19:01
Severity ?
EPSS score ?
Summary
An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040454 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1040455 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/139754 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=swg22014160 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/103365 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg22014161 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | IBM | Security Access Manager |
Version: 9.0.0.1 Version: 9.0.0 Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.2.1 Version: 9.0.3 Version: 9.0.3.1 Version: 9.0.4 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040454",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040454"
},
{
"name": "1040455",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040455"
},
{
"name": "ibm-sam-cve20181443-priv-escalation(139754)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139754"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014160"
},
{
"name": "103365",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103365"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014161"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "9.0.2.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.3.1"
},
{
"status": "affected",
"version": "9.0.4"
}
]
},
{
"product": "Tivoli Federated Identity Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.2.2"
}
]
}
],
"datePublic": "2018-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/AC:L/AV:L/C:L/I:L/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1040454",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040454"
},
{
"name": "1040455",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040455"
},
{
"name": "ibm-sam-cve20181443-priv-escalation(139754)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139754"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014160"
},
{
"name": "103365",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103365"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014161"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-03-02T00:00:00",
"ID": "CVE-2018-1443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.3.1"
},
{
"version_value": "9.0.4"
}
]
}
},
{
"product_name": "Tivoli Federated Identity Manager",
"version": {
"version_data": [
{
"version_value": "6.2.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.2.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "L",
"C": "L",
"I": "L",
"PR": "N",
"S": "U",
"UI": "N"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040454",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040454"
},
{
"name": "1040455",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040455"
},
{
"name": "ibm-sam-cve20181443-priv-escalation(139754)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139754"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22014160",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014160"
},
{
"name": "103365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103365"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22014161",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014161"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1443",
"datePublished": "2018-03-08T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T19:01:09.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-4145
Vulnerability from cvelistv5
Published
2019-06-25 15:45
Modified
2024-09-17 02:31
Severity ?
EPSS score ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10888379 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158400 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager |
Version: 9.0.1 Version: 9.0.3 Version: 9.0.4 Version: 9.0.2 Version: 9.0.5 Version: 9.0.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:28.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194145-info-disc (158400)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158400"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.4"
},
{
"status": "affected",
"version": "9.0.2"
},
{
"status": "affected",
"version": "9.0.5"
},
{
"status": "affected",
"version": "9.0.6"
}
]
}
],
"datePublic": "2019-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:H/S:U/AV:L/C:H/PR:N/A:N/AC:L/UI:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-25T15:45:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194145-info-disc (158400)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158400"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-21T00:00:00",
"ID": "CVE-2019-4145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.4"
},
{
"version_value": "9.0.2"
},
{
"version_value": "9.0.5"
},
{
"version_value": "9.0.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10888379",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 888379 (Security Access Manager)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"name": "ibm-sam-cve20194145-info-disc (158400)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158400"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4145",
"datePublished": "2019-06-25T15:45:29.879307Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:31:05.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1886
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-09-17 02:57
Severity ?
EPSS score ?
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 152021.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ibm10787785 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/152021 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Security Access Manager Appliance |
Version: 9.0.1.0 Version: 9.0.2.0 Version: 9.0.3.0 Version: 9.0.4.0 Version: 9.0.5.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name": "ibm-sam-cve20181886-info-disc(152021)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager Appliance",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "9.0.3.0"
},
{
"status": "affected",
"version": "9.0.4.0"
},
{
"status": "affected",
"version": "9.0.5.0"
}
]
}
],
"datePublic": "2018-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 152021."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-13T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name": "ibm-sam-cve20181886-info-disc(152021)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152021"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-11T00:00:00",
"ID": "CVE-2018-1886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager Appliance",
"version": {
"version_data": [
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "9.0.3.0"
},
{
"version_value": "9.0.4.0"
},
{
"version_value": "9.0.5.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 152021."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10787785",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"name": "ibm-sam-cve20181886-info-disc(152021)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152021"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1886",
"datePublished": "2018-12-13T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T02:57:54.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 04:00
Severity ?
5.9 (Medium) - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 152078.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/152078 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/152078 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FB684A-B33C-4FFC-B24B-BD70B8F189E1",
"versionEndIncluding": "9.0.5.0",
"versionStartIncluding": "9.0.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 152078."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 contiene credenciales embebidas, como una contrase\u00f1a o una clave criptogr\u00e1fica, que emplea para su propia autenticaci\u00f3n entrante, comunicaci\u00f3n saliente hacia componentes externos o para cifrar datos internos. IBM X-Force ID: 152078."
}
],
"id": "CVE-2018-1887",
"lastModified": "2024-11-21T04:00:32.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.4,
"impactScore": 4.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-13T16:29:01.227",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152078"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-24 10:29
Modified
2024-11-21 04:00
Severity ?
10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/105145 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1041557 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/147370 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10719623 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105145 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041557 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/147370 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10719623 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0.4.0 | |
| ibm | security_access_manager | 9.0.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "65D7D18A-FF5C-40EF-B4CF-322315865BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D14395C8-DBF0-4354-B9D0-5FCE351B84A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance 9.0.4.0 y 9.0.5.0 podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo cuando se est\u00e1n ejecutando los servicios Advanced Access Control o Federation. IBM X-Force ID: 147370."
}
],
"id": "CVE-2018-1722",
"lastModified": "2024-11-21T04:00:15.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-24T10:29:05.897",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105145"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041557"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147370"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10719623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10719623"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 04:00
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 149704.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/149704 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/149704 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FB684A-B33C-4FFC-B24B-BD70B8F189E1",
"versionEndIncluding": "9.0.5.0",
"versionStartIncluding": "9.0.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 149704."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 genera un mensaje de error que incluye informaci\u00f3n sensible sobre su entorno, usuarios o datos asociados. IBM X-Force ID: 149704."
}
],
"id": "CVE-2018-1805",
"lastModified": "2024-11-21T04:00:24.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-13T16:29:00.850",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149704"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-06 17:29
Modified
2024-11-21 03:21
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012329 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/104476 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128606 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012329 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104476 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128606 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * | |
| ibm | security_access_manager_for_mobile | * | |
| ibm | security_access_manager_for_web | * | |
| ibm | security_access_manager_for_web | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F51B15B3-FE28-412E-97B5-4CF536074CD2",
"versionEndIncluding": "9.0.3.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA90E65-CDC9-416D-B0D8-8A0816DCA4BC",
"versionEndIncluding": "8.0.1.6",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A76B6ACA-0778-4513-9EE8-3AC0F4BEE571",
"versionEndIncluding": "7.0.0.32",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D009088C-AD9E-4C49-944D-05E0714F327D",
"versionEndIncluding": "8.0.1.6",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance 7.0.0, desde la versi\u00f3n 8.0.0 hasta la 8.0.1.6 y desde la 9.0.0 hasta la 9.0.3.1 revela informaci\u00f3n sensible a usuarios no autorizados. Esta informaci\u00f3n puede emplearse para ejecutar m\u00e1s ataques en el sistema. IBM X-Force ID: 128606."
}
],
"id": "CVE-2017-1474",
"lastModified": "2024-11-21T03:21:55.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-06T17:29:00.263",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012329"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104476"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-12 13:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/186142 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6346619 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/186142 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6346619 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0.7.0 | |
| ibm | security_verify_access | 10.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3AD6025-8584-4F57-AC38-FC60064F2622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7548DF30-5F20-4A0E-97B2-D33BEE9D4785",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142."
},
{
"lang": "es",
"value": "IBM Security Access Manager versi\u00f3n 9.0.7 e IBM Security Verify Access versi\u00f3n 10.0.0, podr\u00edan permitir a un atacante obtener informaci\u00f3n confidencial usando ataques de canal lateral de sincronizaci\u00f3n que podr\u00edan ayudar en futuros ataques contra el sistema. IBM X-Force ID: 186142"
}
],
"id": "CVE-2020-4661",
"lastModified": "2024-11-21T05:33:03.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-12T13:15:12.493",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186142"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6346619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6346619"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-25 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158517 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158517 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75EE7D5C-5F66-4134-A779-2E5E843B5C1A",
"versionEndIncluding": "9.0.6",
"versionStartIncluding": "9.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517."
},
{
"lang": "es",
"value": "IBM Security Access Manager versi\u00f3n 9.0.1 hasta 9.0.6, podr\u00eda permitir a un atacante remoto conducir ataques de phishing, usando un ataque de tipo redireccionamiento abierto. Mediante la persuasi\u00f3n de una v\u00edctima a que visite un sitio web especialmente creado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para falsificar la URL que es desplegada para redireccionar a un usuario a un sitio web malicioso que parece ser de confianza. Esto podr\u00eda permitir al atacante obtener informaci\u00f3n muy confidencial o conducir m\u00e1s ataques contra la v\u00edctima. ID de IBM X-Force: 158517."
}
],
"id": "CVE-2019-4153",
"lastModified": "2024-11-21T04:43:14.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-25T16:15:10.633",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158517"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-01 20:59
Modified
2024-11-21 02:49
Severity ?
Summary
IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0.0 | |
| ibm | security_access_manager | 9.0.0.1 | |
| ibm | security_access_manager | 9.0.1.0 | |
| ibm | security_access_manager_for_mobile | 8.0.0.0 | |
| ibm | security_access_manager_for_mobile | 8.0.0.1 | |
| ibm | security_access_manager_for_mobile | 8.0.0.2 | |
| ibm | security_access_manager_for_mobile | 8.0.0.3 | |
| ibm | security_access_manager_for_mobile | 8.0.0.5 | |
| ibm | security_access_manager_for_mobile | 8.0.1.0 | |
| ibm | security_access_manager_for_mobile | 8.0.1.2 | |
| ibm | security_access_manager_for_mobile | 8.0.1.3 | |
| ibm | security_access_manager_for_mobile | 8.0.1.4 | |
| ibm | security_access_manager_for_web | 8.0.0.0 | |
| ibm | security_access_manager_for_web | 8.0.0.1 | |
| ibm | security_access_manager_for_web | 8.0.0.2 | |
| ibm | security_access_manager_for_web | 8.0.0.3 | |
| ibm | security_access_manager_for_web | 8.0.0.5 | |
| ibm | security_access_manager_for_web | 8.0.1.0 | |
| ibm | security_access_manager_for_web | 8.0.1.2 | |
| ibm | security_access_manager_for_web | 8.0.1.3 | |
| ibm | security_access_manager_for_web | 8.0.1.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F49FA0E2-5FEB-4831-980E-CFBE7E44277A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B67748-2677-44E7-B43D-857EBCA926C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AEE420D-4686-4C58-B77A-2E509983F4C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44310E32-EA05-420B-8676-4E6EEAFB6631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B93CED0-E8FA-4238-8963-46074D11A334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "907BB0CF-D270-4493-8D61-9841E6C5FE45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E0801BD2-D95B-4703-9804-A555F9E7BA19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EE90667-0C16-4E4B-98DC-A6AD7A073D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A523C406-D64C-4CE6-8CBE-34D4C060E0C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D646B2-7308-43A0-AE76-873946FB024E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4B1988E5-DFE6-4282-B9D3-6655297B481B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEF4063-73D7-416D-AD21-CDC1C0534677",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "397073E9-9696-4B4C-926D-668EA4A52E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "643E7B97-17AB-4209-804E-79E94F3D671F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F807870-4976-43E1-89BE-F08DEEE109CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2B3E49D-08E6-44CF-B034-D155247B5DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D54372BE-6201-48AB-A720-F29E931E52B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39017599-E63F-4101-8D37-62D9B0CE6917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA1DA71-91C8-4989-98B9-E924ED7B272A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F884817-A712-4A89-B199-2E2483CD8363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "52F627D1-6FB4-47A2-817D-F9EC914DAC51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
},
{
"lang": "es",
"value": "IBM Security Access Manager para Web es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario Web, alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
}
],
"id": "CVE-2016-3018",
"lastModified": "2024-11-21T02:49:12.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T20:59:00.487",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995347"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/96380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96380"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-29 01:35
Modified
2024-11-21 03:21
Severity ?
Summary
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22006959 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/100592 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1039227 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128687 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22006959 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100592 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039227 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128687 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7CAE25B3-55F6-4D93-9110-26323F5D6CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB8C962-AAEA-4005-BC6B-7768310295E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86E64D67-84B1-4B22-B68C-AAFA68149206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B0FD7F-8007-41F8-A0B3-0C11B9F6D2BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7255EFB-AE47-45E9-853E-5242D350A04E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26F1E4CC-0FE8-4D18-9507-74131B8F21E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "624215F6-12DE-42B5-98AE-29F30C759690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B57D6417-ECB7-4A02-8C01-6E85087AD073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "92FF03BE-E1FC-491A-BBA5-0C67B9EC0F1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9B9EFD7C-D827-4079-BBA5-38601F1DA571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C54E2A37-F451-4109-A367-A35D38D8E44C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "24BBDD80-3EBA-4F5E-89BC-4107431B813F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2826D12C-893B-4045-98C0-60FDBB5EC252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1678A4B5-E2BB-41A2-9238-D0D34B189D1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B4412073-8390-46B3-94A6-20D7B8075838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0AE0FD-6595-4132-8715-D2B859B04EB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "4256CF5F-8B99-4C5D-B67B-840DE56412EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA0D2F3-31B5-4AF8-B6E0-6795A240F094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "37632E93-91AA-47A6-9EF7-EB5A6FC4B843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "937C104A-74B7-4FC4-B436-42C14C4E4339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "E4449E78-A1A2-423C-A9A4-5AB8ED7B1D3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "32B351D1-5DB8-4C6D-8CA8-C22E6DE66D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "FC8671CD-4FEA-4408-B594-ED8B7BD8543F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB5C09B-0681-42A1-AF82-15E91CD94787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "1083BB5E-C153-46D1-8FEE-63AEB52B5546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "59231981-02BF-4998-A86F-BFF6B4B79CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "E912624A-33B5-4AF5-96DB-292C14B0A37D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "DB434802-50F4-4FCB-B674-C92FC5046140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A0553613-6429-4202-B9F1-CB2F58412D82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "EC68FC7C-F67D-44C7-AAA7-ECD2DB27C286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7D529E-724A-4AC6-91AA-9C771C980471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "12664D6B-1DF6-455E-99CB-08AF7A3C926E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDBFAE1-351E-4E9F-877E-E9BBB50FCFF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE91D383-8FCF-4352-9DE4-306F99171785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "318A64DE-04E9-4A55-85D7-1079EECD7175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8961882B-0715-4B61-8343-9225BDDBC9E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "699C6485-0FA4-47EE-9081-0332D0B1F8AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6165F468-26EE-4AA7-B806-007F78AFD754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "25C01EE0-7BE2-420C-B538-A15589D9A019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFB52D6-9F29-49C1-83CC-CE662253488B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B247D8-4BEC-41BC-822E-5C31A8AECCAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32A31D-266C-47D9-B11D-3C2DAEF6A025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8D32BB3A-3404-4B3B-AEBF-BF40B0CDC426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2958706F-D4E1-41C0-A341-2E045A110E68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4E149CF2-75F4-43E8-9B1C-657D95403AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "FE300627-1032-405E-96CC-B8CDF03C2326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "745799EB-8664-40D6-907B-9B8F640860E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "097C64C6-9C0E-463A-8EEB-2906D9131887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "CEF8D79D-0859-4943-A3A9-0C2F4183A9B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8F491FA5-27ED-454B-850E-76DF60960D69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "24610D16-7235-4EE2-AF20-AAAFCDF749D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "DB4406DA-9DC1-4F76-9D2B-BE5BD8FB31F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7E8F5B-743B-4778-B096-1A2F950A31BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "3930684E-FA31-42CB-8750-097ABEBE643B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "7B733C54-4DDA-4491-A6A0-F07D7D879900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "3F34676D-8537-4C7A-9C25-EF6973C0AD81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "1A8CB2D8-D1EC-429B-8C8B-48AF082C5FD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B0FF96-BF36-40A7-99B5-9904785D4A7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.26:*:*:*:*:*:*:*",
"matchCriteriaId": "E08CB452-3475-4143-AD28-550E130A33B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.27:*:*:*:*:*:*:*",
"matchCriteriaId": "4D86E921-FF6A-4045-B853-0D6F86BF2475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.28:*:*:*:*:*:*:*",
"matchCriteriaId": "B582DA4C-9457-4EDD-A47B-66DB213198AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.29:*:*:*:*:*:*:*",
"matchCriteriaId": "575D7BEE-0DB2-435D-844E-387590EF087A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "4D9BAD4E-9F38-4AB7-A566-834A97CD1A86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BACDCBD6-EEF3-4259-9866-A89105AA4C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "536755AC-3FA7-4FA4-8CA3-0E1D4CB0FB43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68DB06C6-84B3-4DC6-AEE9-9DA49715A3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B894B409-DC42-4FA4-8864-387635B55F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B52B9A91-EDAF-43CC-A271-02ADCD691875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F740591-A399-49AC-911B-9ADD117B5BEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EB9A2D-0ABF-46C3-A742-959CC39070DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4B832D0A-923B-4F4B-9F81-BA1BA2E7A920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F4EA2E35-08D1-4A2F-8941-0C87DF1BFC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A953FA93-A982-4104-8D6A-685E53613691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BE0028F4-5A36-4597-9830-46CFE5CF2EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FE607CA8-FB8A-4373-A345-822D5ABEA408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB32198-9382-43CC-9079-08D2162B4C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4336D4DD-5DE4-441E-B852-A2E1409953CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FDCBBC83-DCE2-4522-9808-8EFA63485388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "66159D17-FAB8-408A-90FA-62E9F840B568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0D79656C-0F25-4647-BE54-AAF0336C7BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "940F82D3-5809-42DC-92B5-F699C34F6996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "6994DE96-2967-4C7C-A896-B68E064C41C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "55734E7A-D2CA-490F-8BAC-F47CE1A2F3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "E9047D70-83D3-4D45-8A16-4299A0D06D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "65F66744-ABFA-4EB1-ACFB-FF88E0F20BBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "33C28A38-46FA-4878-9F03-D9ACB510ED88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2EC653-CE7B-45A2-AB9F-F760646A4682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "94EF01E4-FBF5-4AF5-A6E8-BECF6052F72F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0E063D-2C5E-4619-9176-9D28716BEDC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "CC30B443-ACDB-4D10-88F2-07DAF8684C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "E843FD37-844C-4359-9465-30C95B5F0831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE19EBF-68CA-4075-9A6D-B3DB7FF5DB6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "D424803C-85C3-4860-B842-93B98554070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "DC489116-D486-4388-8E93-E6E98EA81868",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53A3B2B3-52B4-4086-9092-364649265F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E24ACD0C-D825-4B2B-9483-66F0B815CB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD382BC-2AA1-448E-BC8E-CAB2408995BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "23A074B8-A709-44F1-9CB9-7BF2590989C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F73936C-442D-4857-99B3-605E55D82833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "54243412-CB97-4752-A31A-3CB6A757E495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BD9CF344-C187-4D60-8C90-2FB459883D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "97AF8910-3F9A-407F-9834-B57D5807693D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB1BA86-C809-414E-8F58-2B6101518FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1634D4-28AB-4F12-B5FB-D32742F5836B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA35BD4-8738-47D3-A8F0-F9ABE4AEB985",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "344FE134-DE7B-4925-875E-097DD0AB9AC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "674FFA61-8F2A-43FB-BF51-68700698703C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "332D3784-C24E-45A7-880B-0C4A32687B69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0738FC-EAC8-45C4-ADA9-06DBE3D9EADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "837D32E7-CFB7-462B-8479-E9811C149775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A7BE362F-72B3-481A-ABF4-4A36F4535F55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "C73DE810-1D11-4480-AF62-DC37F22DCC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "31D161F8-D61A-40DF-AA14-5256DD394082",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "154B6E05-54C8-4271-A904-21CA6A2E6F6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6389F03A-3547-44B1-9603-947735FC31B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "E2735E77-B9ED-4608-AFA5-969E039C82F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "0C58102A-8817-4656-AB85-07D60CB2D10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "461046D0-29C2-4152-B4D2-C60E9A04EE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "99EB7777-7CA5-41CB-98BC-AFC254E02C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "0CFFABA7-86BD-4201-89F9-0F61E673DB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "F472F171-9FF2-4C44-AF5B-9CBA19E62A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "5675CDEE-09CB-49D9-8C71-0CD71238129F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "69978C3B-708B-4CDC-8FA0-65A98F2223E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "74CAA03E-DE79-4527-918D-EA219DC2DA84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB312B8-7B65-4CE9-B399-2896450B5647",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6A4AD958-FDB2-4F63-AD4F-C88B33BFA692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "397073E9-9696-4B4C-926D-668EA4A52E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "643E7B97-17AB-4209-804E-79E94F3D671F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F807870-4976-43E1-89BE-F08DEEE109CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2B3E49D-08E6-44CF-B034-D155247B5DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F50A5E-111B-4CF6-A531-FE88E7735140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D54372BE-6201-48AB-A720-F29E931E52B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BCCE958E-6DFA-403E-B251-F5BA7825A546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA2F71C-E15F-4729-A0D9-C8C116819546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39017599-E63F-4101-8D37-62D9B0CE6917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB037932-234B-41AD-8119-D964796ADDFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA1DA71-91C8-4989-98B9-E924ED7B272A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F884817-A712-4A89-B199-2E2483CD8363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "52F627D1-6FB4-47A2-817D-F9EC914DAC51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6C428319-FFE3-4365-ABFE-1E6D1CABC0C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "79613B00-9B72-43BB-A42A-3BB191021ED7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF1B0C02-D5D9-4F10-9120-C76D39D5C323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44310E32-EA05-420B-8676-4E6EEAFB6631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B93CED0-E8FA-4238-8963-46074D11A334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "907BB0CF-D270-4493-8D61-9841E6C5FE45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E0801BD2-D95B-4703-9804-A555F9E7BA19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "525EF7EC-712E-4C84-A15C-B2A30BD11A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EE90667-0C16-4E4B-98DC-A6AD7A073D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "049DD26B-9CF5-4E0C-812E-76A1224A15FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "909073A4-C6D5-47D7-911F-C855DB693EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A523C406-D64C-4CE6-8CBE-34D4C060E0C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "707F0FE4-EC91-44FF-AA21-1E2A99AC5C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D646B2-7308-43A0-AE76-873946FB024E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4B1988E5-DFE6-4282-B9D3-6655297B481B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEF4063-73D7-416D-AD21-CDC1C0534677",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A8DFC0D0-2326-40CA-B4CC-65194566DA98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1A180463-EDE0-47DB-A031-979E73AA2A33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF57E01-A333-49D7-8B25-D65B66410DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B67748-2677-44E7-B43D-857EBCA926C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AEE420D-4686-4C58-B77A-2E509983F4C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C9CD3B-A25E-4DD1-9955-39E6E1EB4DC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA399A01-351E-4587-9B0B-804452F09832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC682158-A8A0-4D2D-9ACD-ADF4093B7ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.3.0:if1:*:*:*:*:*:*",
"matchCriteriaId": "A483F61A-0DAC-43DB-B69B-37A6207C1CF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687."
},
{
"lang": "es",
"value": "Las configuraciones e-community de IBM Security Access Manager 6.1, 7.0, 8.0, y 9.0 podr\u00edan estar afectadas por una vulnerabilidad de redirecci\u00f3n. ECSSO Master Authentication puede redireccionar a un servidor que no participa en un dominio e-community. IBM X-Force ID: 128687."
}
],
"id": "CVE-2017-1489",
"lastModified": "2024-11-21T03:21:57.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-29T01:35:13.517",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100592"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039227"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-25 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158510 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158510 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75EE7D5C-5F66-4134-A779-2E5E843B5C1A",
"versionEndIncluding": "9.0.6",
"versionStartIncluding": "9.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510."
},
{
"lang": "es",
"value": "IBM Security Access Manager versi\u00f3n 9.0.1 hasta 9.0.6 no comprueba, o comprueba incorrectamente, un certificado que podr\u00eda permitir a un atacante falsificar una entidad confiable utilizando un ataque de tipo Man-in-the-middle (MITM). ID de IBM X-Force: 158510."
}
],
"id": "CVE-2019-4150",
"lastModified": "2024-11-21T04:43:14.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-25T16:15:10.447",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158510"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158510"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 04:00
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 152021.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/152021 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/152021 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FB684A-B33C-4FFC-B24B-BD70B8F189E1",
"versionEndIncluding": "9.0.5.0",
"versionStartIncluding": "9.0.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 152021."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 divulga informaci\u00f3n sensible a usuarios no autorizados. Esta informaci\u00f3n puede emplearse para ejecutar m\u00e1s ataques en el sistema. IBM X-Force ID: 152021."
}
],
"id": "CVE-2018-1886",
"lastModified": "2024-11-21T04:00:32.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-13T16:29:01.180",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152021"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-25 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158574 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158574 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75EE7D5C-5F66-4134-A779-2E5E843B5C1A",
"versionEndIncluding": "9.0.6",
"versionStartIncluding": "9.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user\u0027s identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574."
},
{
"lang": "es",
"value": "IBM Security Access Manager versi\u00f3n 9.0.1 hasta 9.0.6, no prueba que la identidad de un usuario sea la correcta, lo que puede conllevar a la exposici\u00f3n de recursos o funcionalidades a actores no deseados. ID de IBM X-Force: 158574"
}
],
"id": "CVE-2019-4158",
"lastModified": "2024-11-21T04:43:15.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-25T16:15:10.807",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158574"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-28 16:15
Modified
2024-11-21 09:19
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C8827-4FA1-4579-87EE-6D78E83DE0A6",
"versionEndIncluding": "10.0.7.1",
"versionStartIncluding": "10.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413."
},
{
"lang": "es",
"value": "IBM Security Access Manager Docker 10.0.0.0 a 10.0.7.1 podr\u00eda permitir que un usuario local posiblemente eleve sus privilegios debido a la exposici\u00f3n de informaci\u00f3n de configuraci\u00f3n confidencial. ID de IBM X-Force: 292413."
}
],
"id": "CVE-2024-35137",
"lastModified": "2024-11-21T09:19:49.143",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-28T16:15:04.150",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292413"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-258"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-521"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-20 13:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/181481 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6211847 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/181481 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6211847 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F821BF5-C612-48B5-ADA7-FD3A28DBB391",
"versionEndExcluding": "9.0.7.1",
"versionStartIncluding": "9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481."
},
{
"lang": "es",
"value": "El IBM Security Access Manager Appliance versi\u00f3n 9.0.7.1, podr\u00eda permitir a un usuario autentificado omitir la seguridad al permitir una manipulaci\u00f3n de las peticiones de id_token sin verificaci\u00f3n. IBM X-Force ID: 181481."
}
],
"id": "CVE-2020-4461",
"lastModified": "2024-11-21T05:32:45.687",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-20T13:15:09.940",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181481"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6211847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6211847"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-28 16:15
Modified
2024-11-21 09:19
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C8827-4FA1-4579-87EE-6D78E83DE0A6",
"versionEndIncluding": "10.0.7.1",
"versionStartIncluding": "10.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415."
},
{
"lang": "es",
"value": "IBM Security Access Manager Docker 10.0.0.0 a 10.0.7.1 podr\u00eda permitir que un usuario local obtenga informaci\u00f3n confidencial del contenedor debido a permisos predeterminados incorrectos. ID de IBM X-Force: 292415."
}
],
"id": "CVE-2024-35139",
"lastModified": "2024-11-21T09:19:49.280",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-28T16:15:04.380",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292415"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-08 16:29
Modified
2024-11-21 03:59
Severity ?
5.9 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
5.9 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
5.9 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * | |
| ibm | tivoli_federated_identity_manager | 6.2.0 | |
| ibm | tivoli_federated_identity_manager | 6.2.1 | |
| ibm | tivoli_federated_identity_manager | 6.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "706535A6-BE47-4AFA-BB65-00B72043D1A3",
"versionEndIncluding": "9.0.4",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E508843E-DEA8-433D-AFD5-2730D2745E0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F674F64E-F51F-4F5E-AFCD-952958E66FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93F48368-9617-4EE6-BF7A-6873229C0D66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754."
},
{
"lang": "es",
"value": "Una vulnerabilidad de an\u00e1lisis sint\u00e1ctico de XML afecta a los sistemas SSO (Single Sign On) basados en SAML de IBM (IBM Security Access Manager 9.0.0 - 9.0.4 e IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.). Esta vulnerabilidad puede permitir que un atacante con acceso autenticado enga\u00f1e a los sistemas SAML para que se autentique como un usuario diferente sin conocer la contrase\u00f1a de usuario de la v\u00edctima. IBM X-Force ID: 139754."
}
],
"id": "CVE-2018-1443",
"lastModified": "2024-11-21T03:59:49.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 3.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-08T16:29:00.407",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014160"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014161"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103365"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040454"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040455"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139754"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 04:00
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 150017.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/150017 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/150017 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FB684A-B33C-4FFC-B24B-BD70B8F189E1",
"versionEndIncluding": "9.0.5.0",
"versionStartIncluding": "9.0.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 150017."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 emplea listas negras incompletas para validar entradas, lo que permite que los atacantes omitan los controles de la aplicaci\u00f3n, lo que provoca un impacto directo al sistema y a la integridad de los datos. IBM X-Force ID: 150017."
}
],
"id": "CVE-2018-1813",
"lastModified": "2024-11-21T04:00:24.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-13T16:29:00.897",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150017"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-06 17:29
Modified
2024-11-21 03:21
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012309 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/104471 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128617 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012309 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104471 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128617 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * | |
| ibm | security_access_manager_for_web | * | |
| ibm | security_access_manager_for_mobile | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F51B15B3-FE28-412E-97B5-4CF536074CD2",
"versionEndIncluding": "9.0.3.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D009088C-AD9E-4C49-944D-05E0714F327D",
"versionEndIncluding": "8.0.1.6",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA90E65-CDC9-416D-B0D8-8A0816DCA4BC",
"versionEndIncluding": "8.0.1.6",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance desde la versi\u00f3n 8.0.0 hasta la 8.0.1.6 y desde la 9.0.0 hasta la 9.0.3.1 almacena informaci\u00f3n potencialmente sensible en archivos de registro que podr\u00edan ser le\u00eddos por un usuario remoto. IBM X-Force ID: 128617."
}
],
"id": "CVE-2017-1480",
"lastModified": "2024-11-21T03:21:56.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-06T17:29:00.390",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012309"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104471"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128617"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-25 03:59
Modified
2024-11-21 02:49
Severity ?
Summary
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0.0 | |
| ibm | security_access_manager | 9.0.0.1 | |
| ibm | security_access_manager | 9.0.1.0 | |
| ibm | security_access_manager_for_web | 7.0.0 | |
| ibm | security_access_manager_for_web | 8.0.0 | |
| ibm | security_access_manager_for_web | 8.0.0.2 | |
| ibm | security_access_manager_for_web | 8.0.0.4 | |
| ibm | security_access_manager_for_web | 8.0.0.5 | |
| ibm | security_access_manager_for_web | 8.0.1 | |
| ibm | security_access_manager_for_web | 8.0.1.2 | |
| ibm | security_access_manager_for_web | 8.0.1.3 | |
| ibm | security_access_manager_for_web | 8.0.1.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F49FA0E2-5FEB-4831-980E-CFBE7E44277A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B67748-2677-44E7-B43D-857EBCA926C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AEE420D-4686-4C58-B77A-2E509983F4C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58D7CF23-E40B-48FE-B1F2-BAD47500A98B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6658BD1-B9F9-4C68-AC7B-66E0630ACD68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F807870-4976-43E1-89BE-F08DEEE109CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F50A5E-111B-4CF6-A531-FE88E7735140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D54372BE-6201-48AB-A720-F29E931E52B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5000C473-1151-4C1C-BCB8-C410D8BDA362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA1DA71-91C8-4989-98B9-E924ED7B272A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F884817-A712-4A89-B199-2E2483CD8363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "52F627D1-6FB4-47A2-817D-F9EC914DAC51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access."
},
{
"lang": "es",
"value": "IBM Security Access Manager para Web 7.0 en versiones anteriores a IF2 y 8.0 en versiones anteriores a 8.0.1.4 IF3 y Security Access Manager 9.0 en versiones anteriores a 9.0.1.0 IF5 permiten a usuarios remotos autenticados ejecutar comandos arbitrarios aprovechando el acceso de administraci\u00f3n LMI."
}
],
"id": "CVE-2016-3028",
"lastModified": "2024-11-21T02:49:13.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-25T03:59:07.627",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990317"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/93176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93176"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-12 13:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0.7.0 | |
| ibm | security_verify_access | 10.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3AD6025-8584-4F57-AC38-FC60064F2622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7548DF30-5F20-4A0E-97B2-D33BEE9D4785",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140."
},
{
"lang": "es",
"value": "IBM Security Access Manager versi\u00f3n 9.0.7 e IBM Security Verify Access versi\u00f3n 10.0.0, podr\u00edan permitir a un atacante obtener informaci\u00f3n confidencial usando ataques de canal lateral de sincronizaci\u00f3n que podr\u00edan ayudar en futuros ataques contra el sistema. IBM X-Force ID: 186140"
}
],
"id": "CVE-2020-4660",
"lastModified": "2024-11-21T05:33:03.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-12T13:15:12.383",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186140"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6346619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6346619"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-12 13:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/186947 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6346619 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/186947 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6346619 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0.7.0 | |
| ibm | security_verify_access | 10.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3AD6025-8584-4F57-AC38-FC60064F2622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7548DF30-5F20-4A0E-97B2-D33BEE9D4785",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947."
},
{
"lang": "es",
"value": "IBM Security Access Manager versi\u00f3n 9.0.7 e IBM Security Verify Access versi\u00f3n 10.0.0, podr\u00edan permitir a un atacante obtener informaci\u00f3n confidencial usando ataques de canal lateral de sincronizaci\u00f3n que podr\u00edan ayudar en futuros ataques contra el sistema. IBM X-Force ID: 186947"
}
],
"id": "CVE-2020-4699",
"lastModified": "2024-11-21T05:33:08.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-12T13:15:12.570",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186947"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6346619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6346619"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-15 13:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * | |
| ibm | security_verify_access | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58BFDCF5-D32F-4C5D-8F1C-75932843157F",
"versionEndExcluding": "9.0.7.2",
"versionStartIncluding": "9.0.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A6EA022-9E98-4AEB-9B98-8BC6061141EE",
"versionEndExcluding": "10.0.0.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960."
},
{
"lang": "es",
"value": "IBM Security Access Manager versi\u00f3n 9.0.7 e IBM Security Verify Access versi\u00f3n 10.0.0, son vulnerables a unos ataques de divisi\u00f3n de respuesta HTTP.\u0026#xa0;Un atacante remoto podr\u00eda explotar esta vulnerabilidad usando una URL especialmente dise\u00f1ada y causar que el servidor devuelva una respuesta dividida, una vez que se hace clic en la URL.\u0026#xa0;Esto permitir\u00eda al atacante llevar a cabo m\u00e1s ataques, como un envenenamiento de la cach\u00e9 web, un cross-site scripting y posiblemente obtener informaci\u00f3n confidencial.\u0026#xa0; IBM X-Force ID: 165960"
}
],
"id": "CVE-2019-4552",
"lastModified": "2024-11-21T04:43:43.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-15T13:15:12.807",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165960"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6348046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6348046"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-25 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158515 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158515 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75EE7D5C-5F66-4134-A779-2E5E843B5C1A",
"versionEndIncluding": "9.0.6",
"versionStartIncluding": "9.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515."
},
{
"lang": "es",
"value": "IBM Security Access Manager versi\u00f3n 9.0.1 hasta 9.0.6, no invalida los tokens de sesi\u00f3n de manera oportuna. La falta de una expiraci\u00f3n de sesi\u00f3n apropiada puede permitir a los atacantes con acceso local iniciar sesi\u00f3n en una sesi\u00f3n de navegador cerrada. ID de IBM X-Force: 158515."
}
],
"id": "CVE-2019-4152",
"lastModified": "2024-11-21T04:43:14.793",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 2.5,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-25T16:15:10.570",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158515"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-15 16:15
Modified
2024-11-21 05:46
Severity ?
Summary
IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/196453 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6471903 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/196453 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6471903 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0 | |
| ibm | security_verify_access | 10.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A07E8FD2-2E54-45B6-AF1F-4AAA6479A58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7548DF30-5F20-4A0E-97B2-D33BEE9D4785",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user."
},
{
"lang": "es",
"value": "IBM Security Access Manager versi\u00f3n 9.0 e IBM Security Verify Access Docker versi\u00f3n 10.0.0, almacenan las credenciales de usuario en texto sin cifrar que puede ser le\u00eddo por un usuario no autorizado"
}
],
"id": "CVE-2021-20439",
"lastModified": "2024-11-21T05:46:35.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-15T16:15:09.410",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196453"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6471903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6471903"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-22 12:29
Modified
2024-11-21 04:00
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10734555 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1042036 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/150998 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10734555 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042036 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/150998 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0.3.1 | |
| ibm | security_access_manager | 9.0.4.0 | |
| ibm | security_access_manager | 9.0.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD07A755-FEBF-42BE-B276-5AC31997D7BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "65D7D18A-FF5C-40EF-B4CF-322315865BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D14395C8-DBF0-4354-B9D0-5FCE351B84A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 y 9.0.5.0 podr\u00eda permitir operaciones de administraci\u00f3n no autorizadas cuando se est\u00e1 ejecutando el servicio Advanced Access Control. IBM X-Force ID: 150998."
}
],
"id": "CVE-2018-1850",
"lastModified": "2024-11-21T04:00:30.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-22T12:29:00.237",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10734555"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1042036"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10734555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1042036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150998"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 04:00
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/150018 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/150018 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FB684A-B33C-4FFC-B24B-BD70B8F189E1",
"versionEndIncluding": "9.0.5.0",
"versionStartIncluding": "9.0.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 emplea algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir que un atacante descifre informaci\u00f3n altamente sensible. IBM X-Force ID: 150018."
}
],
"id": "CVE-2018-1814",
"lastModified": "2024-11-21T04:00:24.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-13T16:29:00.947",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150018"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-25 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158512 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158512 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75EE7D5C-5F66-4134-A779-2E5E843B5C1A",
"versionEndIncluding": "9.0.6",
"versionStartIncluding": "9.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512."
},
{
"lang": "es",
"value": "IBM Security Access Manager versi\u00f3n 9.0.1 hasta 9.0.6, utiliza algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n muy confidencial. ID de IBM X-Force: 158512."
}
],
"id": "CVE-2019-4151",
"lastModified": "2024-11-21T04:43:14.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-25T16:15:10.510",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158512"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158512"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148419.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/148419 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/148419 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FB684A-B33C-4FFC-B24B-BD70B8F189E1",
"versionEndIncluding": "9.0.5.0",
"versionStartIncluding": "9.0.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148419."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 148419."
}
],
"id": "CVE-2018-1740",
"lastModified": "2024-11-21T04:00:17.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-13T16:29:00.647",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148419"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 04:00
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 149702.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/149702 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/149702 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FB684A-B33C-4FFC-B24B-BD70B8F189E1",
"versionEndIncluding": "9.0.5.0",
"versionStartIncluding": "9.0.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 149702."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 podr\u00eda permitir que un atacante remoto secuestre la acci\u00f3n de clicado de la v\u00edctima. Al persuadir a una v\u00edctima para que visite un sitio web malicioso, un atacante remoto podr\u00eda explotar esta vulnerabilidad para secuestrar las acciones de clicado de la v\u00edctima y, probablemente, lanzar m\u00e1s ataques contra la v\u00edctima. IBM X-Force ID: 149702."
}
],
"id": "CVE-2018-1803",
"lastModified": "2024-11-21T04:00:24.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-13T16:29:00.697",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149702"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-25 03:59
Modified
2024-11-21 02:49
Severity ?
Summary
IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0.0 | |
| ibm | security_access_manager | 9.0.0.1 | |
| ibm | security_access_manager | 9.0.1.0 | |
| ibm | security_access_manager_for_mobile | 8.0.0.0 | |
| ibm | security_access_manager_for_mobile | 8.0.0.1 | |
| ibm | security_access_manager_for_mobile | 8.0.0.2 | |
| ibm | security_access_manager_for_mobile | 8.0.0.3 | |
| ibm | security_access_manager_for_mobile | 8.0.0.4 | |
| ibm | security_access_manager_for_mobile | 8.0.0.5 | |
| ibm | security_access_manager_for_mobile | 8.0.1 | |
| ibm | security_access_manager_for_mobile | 8.0.1.2 | |
| ibm | security_access_manager_for_mobile | 8.0.1.3 | |
| ibm | security_access_manager_for_mobile | 8.0.1.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F49FA0E2-5FEB-4831-980E-CFBE7E44277A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B67748-2677-44E7-B43D-857EBCA926C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AEE420D-4686-4C58-B77A-2E509983F4C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44310E32-EA05-420B-8676-4E6EEAFB6631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B93CED0-E8FA-4238-8963-46074D11A334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "907BB0CF-D270-4493-8D61-9841E6C5FE45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E0801BD2-D95B-4703-9804-A555F9E7BA19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "525EF7EC-712E-4C84-A15C-B2A30BD11A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EE90667-0C16-4E4B-98DC-A6AD7A073D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA8844A0-17D5-4EE9-85C4-518DACE7C9D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D646B2-7308-43A0-AE76-873946FB024E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4B1988E5-DFE6-4282-B9D3-6655297B481B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEF4063-73D7-416D-AD21-CDC1C0534677",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach."
},
{
"lang": "es",
"value": "IBM Security Access Manager para Mobile 8.x en versiones anteriores a 8.0.1.4 IF3 y Security Access Manager 9.x en versiones anteriores a 9.0.1.0 IF5 no restringe adecuadamente intentos de inicio de sesi\u00f3n fallidos, lo que facilita a atacantes remotos obtener acceso a trav\u00e9s de una aproximaci\u00f3n de fuerza bruta."
}
],
"id": "CVE-2016-3025",
"lastModified": "2024-11-21T02:49:13.173",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-25T03:59:06.530",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89240"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89258"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991107"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/93178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93178"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-04 21:29
Modified
2024-11-21 04:00
Severity ?
7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Summary
IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10796380 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/153751 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10796380 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/153751 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "840507C8-CEFC-4A47-A13E-A7AC5E3C621D",
"versionEndIncluding": "7.0.1.10",
"versionStartIncluding": "7.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751."
},
{
"lang": "es",
"value": "IBM Security Identity Manager 7.0.1 es vulnerable a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para exponer informaci\u00f3n sensible o consumir recursos de la memoria. IBM X-Force ID: 153751."
}
],
"id": "CVE-2018-1970",
"lastModified": "2024-11-21T04:00:40.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-04T21:29:00.533",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10796380"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10796380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153751"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-06 17:29
Modified
2024-11-21 03:21
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012310 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/104501 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128610 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012310 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104501 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128610 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * | |
| ibm | security_access_manager_for_web | * | |
| ibm | security_access_manager_for_web | * | |
| ibm | security_access_manager_for_mobile | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F51B15B3-FE28-412E-97B5-4CF536074CD2",
"versionEndIncluding": "9.0.3.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A76B6ACA-0778-4513-9EE8-3AC0F4BEE571",
"versionEndIncluding": "7.0.0.32",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D009088C-AD9E-4C49-944D-05E0714F327D",
"versionEndIncluding": "8.0.1.6",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA90E65-CDC9-416D-B0D8-8A0816DCA4BC",
"versionEndIncluding": "8.0.1.6",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 7.0.0, desde la versi\u00f3n 8.0.0 hasta la 8.0.1.6 y desde la 9.0.0 hasta la 9.0.3.1 podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n sensible, provocado por la imposibilidad de habilitar correctamente HTTP Strict Transport Security. Un atacante podr\u00eda explotar esta vulnerabilidad para obtener informaci\u00f3n sensible empleando t\u00e9cnicas man-in-the-Middle (MitM). IBM X-Force ID: 128610."
}
],
"id": "CVE-2017-1476",
"lastModified": "2024-11-21T03:21:55.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-06T17:29:00.327",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012310"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104501"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128610"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-25 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158331 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158331 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75EE7D5C-5F66-4134-A779-2E5E843B5C1A",
"versionEndIncluding": "9.0.6",
"versionStartIncluding": "9.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331."
},
{
"lang": "es",
"value": "IBM Security Access Manager versi\u00f3n 9.0.1 hasta 9.0.6, es afectado por una vulnerabilidad de seguridad que podr\u00eda permitir a usuarios autenticados hacerse pasar por otros usuarios. ID de IBM X-Force: 158331."
}
],
"id": "CVE-2019-4135",
"lastModified": "2024-11-21T04:43:12.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-25T16:15:10.320",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158331"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-27 18:15
Modified
2024-11-21 08:13
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 261198.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/261198 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7158790 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/261198 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7158790 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C8827-4FA1-4579-87EE-6D78E83DE0A6",
"versionEndIncluding": "10.0.7.1",
"versionStartIncluding": "10.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 261198."
},
{
"lang": "es",
"value": "IBM Security Access Manager Docker 10.0.0.0 a 10.0.7.1 utiliza algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial. ID de IBM X-Force: 261198."
}
],
"id": "CVE-2023-38371",
"lastModified": "2024-11-21T08:13:26.153",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-27T18:15:12.880",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261198"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-25 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158572 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158572 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75EE7D5C-5F66-4134-A779-2E5E843B5C1A",
"versionEndIncluding": "9.0.6",
"versionStartIncluding": "9.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572."
},
{
"lang": "es",
"value": "IBM Security Access Manager versi\u00f3n 9.0.1 hasta 9.0.6, utiliza algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n muy confidencial. ID de IBM X-Force: 158572."
}
],
"id": "CVE-2019-4156",
"lastModified": "2024-11-21T04:43:15.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-25T16:15:10.680",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158572"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 04:00
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 for Enterprise Single-Sign On is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150019.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/150019 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/150019 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FB684A-B33C-4FFC-B24B-BD70B8F189E1",
"versionEndIncluding": "9.0.5.0",
"versionStartIncluding": "9.0.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 for Enterprise Single-Sign On is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150019."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 para Enterprise Single-Sign On es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 150019."
}
],
"id": "CVE-2018-1815",
"lastModified": "2024-11-21T04:00:26.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-13T16:29:00.993",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150019"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-01 20:59
Modified
2024-11-21 02:49
Severity ?
Summary
IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21995435 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/95103 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21995435 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95103 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0.0 | |
| ibm | security_access_manager | 9.0.0.1 | |
| ibm | security_access_manager | 9.0.1.0 | |
| ibm | security_access_manager_for_mobile | 8.0.0.0 | |
| ibm | security_access_manager_for_mobile | 8.0.0.5 | |
| ibm | security_access_manager_for_mobile | 8.0.1 | |
| ibm | security_access_manager_for_mobile | 8.0.1.2 | |
| ibm | security_access_manager_for_mobile | 8.0.1.3 | |
| ibm | security_access_manager_for_mobile | 8.0.1.4 | |
| ibm | security_access_manager_for_web | 7.0.0 | |
| ibm | security_access_manager_for_web | 8.0.0 | |
| ibm | security_access_manager_for_web | 8.0.1 | |
| ibm | security_access_manager_for_web | 8.0.1.1 | |
| ibm | security_access_manager_for_web | 8.0.1.2 | |
| ibm | security_access_manager_for_web | 8.0.1.3 | |
| ibm | security_access_manager_for_web | 8.0.1.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F49FA0E2-5FEB-4831-980E-CFBE7E44277A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B67748-2677-44E7-B43D-857EBCA926C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AEE420D-4686-4C58-B77A-2E509983F4C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44310E32-EA05-420B-8676-4E6EEAFB6631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EE90667-0C16-4E4B-98DC-A6AD7A073D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA8844A0-17D5-4EE9-85C4-518DACE7C9D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D646B2-7308-43A0-AE76-873946FB024E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4B1988E5-DFE6-4282-B9D3-6655297B481B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEF4063-73D7-416D-AD21-CDC1C0534677",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58D7CF23-E40B-48FE-B1F2-BAD47500A98B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6658BD1-B9F9-4C68-AC7B-66E0630ACD68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5000C473-1151-4C1C-BCB8-C410D8BDA362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB037932-234B-41AD-8119-D964796ADDFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA1DA71-91C8-4989-98B9-E924ED7B272A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F884817-A712-4A89-B199-2E2483CD8363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "52F627D1-6FB4-47A2-817D-F9EC914DAC51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history."
},
{
"lang": "es",
"value": "IBM Security Access Manager para Web almacena informaci\u00f3n sensible en par\u00e1metros URL. Esto puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n si las partes no autorizadas tienen acceso a las URL a trav\u00e9s de los registros del servidor, el encabezado referente o el historial del navegador."
}
],
"id": "CVE-2016-3045",
"lastModified": "2024-11-21T02:49:15.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T20:59:00.817",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995435"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95103"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-25 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158400 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158400 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75EE7D5C-5F66-4134-A779-2E5E843B5C1A",
"versionEndIncluding": "9.0.6",
"versionStartIncluding": "9.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400."
},
{
"lang": "es",
"value": "IBM Security Access Manager versi\u00f3n 9.0.1 hasta 9.0.6, se podr\u00eda mostrar altamente sensible en condiciones especializadas a un usuario local, lo que podr\u00eda ser usado en nuevos ataques contra el sistema. ID de IBM X-Force: 158400."
}
],
"id": "CVE-2019-4145",
"lastModified": "2024-11-21T04:43:13.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-25T16:15:10.383",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158400"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-27 19:15
Modified
2024-11-21 08:01
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/254649 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7158790 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/254649 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7158790 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C8827-4FA1-4579-87EE-6D78E83DE0A6",
"versionEndIncluding": "10.0.7.1",
"versionStartIncluding": "10.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649."
},
{
"lang": "es",
"value": "IBM Security Access Manager Docker 10.0.0.0 a 10.0.7.1 podr\u00eda permitir que un usuario local obtenga acceso ra\u00edz debido a controles de acceso inadecuados. ID de IBM X-Force: 254649."
}
],
"id": "CVE-2023-30998",
"lastModified": "2024-11-21T08:01:12.820",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-27T19:15:11.187",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254649"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254649"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-250"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 04:00
Severity ?
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/149703 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/149703 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FB684A-B33C-4FFC-B24B-BD70B8F189E1",
"versionEndIncluding": "9.0.5.0",
"versionStartIncluding": "9.0.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 no establece el atributo \"secure\" en los tokens de autorizaci\u00f3n o las cookies de sesi\u00f3n. Esto podr\u00eda permitir que un atacante explote esta vulnerabilidad para obtener informaci\u00f3n sensible empleando t\u00e9cnicas Man-in-the-Middle (MitM). IBM X-Force ID: 149703."
}
],
"id": "CVE-2018-1804",
"lastModified": "2024-11-21T04:00:24.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-13T16:29:00.820",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149703"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-15 13:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/182216 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6348046 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/182216 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6348046 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * | |
| ibm | security_verify_access | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58BFDCF5-D32F-4C5D-8F1C-75932843157F",
"versionEndExcluding": "9.0.7.2",
"versionStartIncluding": "9.0.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A6EA022-9E98-4AEB-9B98-8BC6061141EE",
"versionEndExcluding": "10.0.0.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216."
},
{
"lang": "es",
"value": "IBM Security Access Manager versi\u00f3n 9.0.7 e IBM Security Verify Access versi\u00f3n 10.0.0, podr\u00edan permitir a un cliente Oauth p\u00fablico no autorizado omitir algunas o todas las comprobaciones de autenticaci\u00f3n y conseguir acceso a las aplicaciones.\u0026#xa0;IBM X-Force ID: 182216"
}
],
"id": "CVE-2020-4499",
"lastModified": "2024-11-21T05:32:49.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-15T13:15:12.913",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182216"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6348046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6348046"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-11 17:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012323 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/102502 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1040172 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128613 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012323 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102502 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040172 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128613 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager_9.0_firmware | 9.0.0 | |
| ibm | security_access_manager_9.0_firmware | 9.0.0.1 | |
| ibm | security_access_manager_9.0_firmware | 9.0.1.0 | |
| ibm | security_access_manager_9.0_firmware | 9.0.2.0 | |
| ibm | security_access_manager_9.0_firmware | 9.0.2.1 | |
| ibm | security_access_manager_9.0_firmware | 9.0.3 | |
| ibm | security_access_manager_9.0_firmware | 9.0.3.1 | |
| ibm | security_access_manager | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5B6BD9-C0DF-4359-A6C1-F66E24912800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F18D4AF-43DE-42A0-898E-50FBA7ADDDDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "847598BF-977A-4592-A6A1-2C7F04F29FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D95683B6-E2A5-43AF-A02E-B746DBE871D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E29AFB-FE70-4619-A09A-CE205374BFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E529E4C8-6B64-4B44-9194-76AE1471717E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8A2F70-0467-47CC-856F-E42094F0FEE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:security_access_manager:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "465CFA08-AE0B-45CA-9A71-563BBEA02CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613."
},
{
"lang": "es",
"value": "La versi\u00f3n 9.0.0 de IBM Security Access Manager Appliance permite que las p\u00e1ginas web se almacenen localmente, lo que permite que sean le\u00eddas por otro usuario en el sistema. IBM X-Force ID: 128613."
}
],
"id": "CVE-2017-1478",
"lastModified": "2024-11-21T03:21:56.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-11T17:29:00.197",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012323"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102502"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040172"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128613"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-25 17:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/156159 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1072704 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/156159 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1072704 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C54DEF2-5561-4569-A9CD-95834C4CDEA0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance, podr\u00eda permitir a un atacante no autenticado causar una denegaci\u00f3n de servicio en el componente proxy inverso. ID de IBM X-Force: 156159."
}
],
"id": "CVE-2019-4036",
"lastModified": "2024-11-21T04:43:04.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-25T17:15:11.023",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156159"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1072704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1072704"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-06 16:15
Modified
2024-11-21 04:44
Severity ?
Summary
IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/172131 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6342889 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/172131 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6342889 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDA2ADBD-59D8-4B0C-89AA-EFEC8D120848",
"versionEndExcluding": "9.0.7.0",
"versionStartIncluding": "9.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance versi\u00f3n 9.0, es vulnerable a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de\u0026#xa0;una sesi\u00f3n de confiable. IBM X-Force ID: 172131"
}
],
"id": "CVE-2019-4725",
"lastModified": "2024-11-21T04:44:03.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-06T16:15:12.357",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172131"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6342889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6342889"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-27 19:15
Modified
2024-11-21 08:13
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: 261195.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/261195 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7158790 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/261195 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7158790 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C8827-4FA1-4579-87EE-6D78E83DE0A6",
"versionEndIncluding": "10.0.7.1",
"versionStartIncluding": "10.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: 261195."
},
{
"lang": "es",
"value": "IBM Security Access Manager Docker 10.0.0.0 a 10.0.7.1 podr\u00eda revelar informaci\u00f3n confidencial a un usuario local para realizar controles de permisos inadecuados. ID de IBM X-Force: 261195."
}
],
"id": "CVE-2023-38368",
"lastModified": "2024-11-21T08:13:25.713",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-27T19:15:11.460",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261195"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-27 19:15
Modified
2024-11-21 08:01
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/254638 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7158790 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/254638 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7158790 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C8827-4FA1-4579-87EE-6D78E83DE0A6",
"versionEndIncluding": "10.0.7.1",
"versionStartIncluding": "10.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638."
},
{
"lang": "es",
"value": "IBM Security Access Manager Docker 10.0.0.0 a 10.0.7.1 podr\u00eda permitir que un usuario local obtenga acceso ra\u00edz debido a controles de acceso inadecuados. ID de IBM X-Force: 254638."
}
],
"id": "CVE-2023-30997",
"lastModified": "2024-11-21T08:01:12.673",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-27T19:15:10.800",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254638"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-250"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144726.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/106272 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/144726 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10787785 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106272 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/144726 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FB684A-B33C-4FFC-B24B-BD70B8F189E1",
"versionEndIncluding": "9.0.5.0",
"versionStartIncluding": "9.0.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144726."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0 y 9.0.5.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 144726."
}
],
"id": "CVE-2018-1653",
"lastModified": "2024-11-21T04:00:08.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-13T16:29:00.413",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106272"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10787785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144726"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-28 19:15
Modified
2024-11-21 04:44
Severity ?
Summary
IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/172018 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1284034 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/172018 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1284034 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | 9.0.7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3AD6025-8584-4F57-AC38-FC60064F2622",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance versi\u00f3n 9.0.7.0, es vulnerable a un ataque de tipo XML External Entity Injection (XXE) cuando se procesan datos XML. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para exponer informaci\u00f3n confidencial o consumir recursos de memoria. ID de IBM X-Force: 172018."
}
],
"id": "CVE-2019-4707",
"lastModified": "2024-11-21T04:44:02.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-28T19:15:14.217",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172018"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1284034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1284034"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-27 19:15
Modified
2024-11-21 08:13
Severity ?
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C8827-4FA1-4579-87EE-6D78E83DE0A6",
"versionEndIncluding": "10.0.7.1",
"versionStartIncluding": "10.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197."
},
{
"lang": "es",
"value": "IBM Security Access Manager Docker 10.0.0.0 a 10.0.7.1, en determinadas configuraciones, podr\u00eda permitir a un usuario de la red instalar paquetes maliciosos. ID de IBM X-Force: 261197."
}
],
"id": "CVE-2023-38370",
"lastModified": "2024-11-21T08:13:26.007",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-27T19:15:11.720",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261197"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158790"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-25 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158573 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158573 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10888379 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75EE7D5C-5F66-4134-A779-2E5E843B5C1A",
"versionEndIncluding": "9.0.6",
"versionStartIncluding": "9.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573."
},
{
"lang": "es",
"value": "IBM Security Access Manager versi\u00f3n 9.0.1 hasta 9.0.6, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario Web, y por lo tanto, alterar la funcionalidad deseada que podr\u00eda conllevar a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 158573."
}
],
"id": "CVE-2019-4157",
"lastModified": "2024-11-21T04:43:15.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-25T16:15:10.727",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158573"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888379"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}