Search criteria
81 vulnerabilities found for security_access_manager_for_mobile by ibm
FKIE_CVE-2017-1474
Vulnerability from fkie_nvd - Published: 2018-06-06 17:29 - Updated: 2024-11-21 03:21
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012329 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/104476 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128606 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012329 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104476 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128606 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * | |
| ibm | security_access_manager_for_mobile | * | |
| ibm | security_access_manager_for_web | * | |
| ibm | security_access_manager_for_web | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F51B15B3-FE28-412E-97B5-4CF536074CD2",
"versionEndIncluding": "9.0.3.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA90E65-CDC9-416D-B0D8-8A0816DCA4BC",
"versionEndIncluding": "8.0.1.6",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A76B6ACA-0778-4513-9EE8-3AC0F4BEE571",
"versionEndIncluding": "7.0.0.32",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D009088C-AD9E-4C49-944D-05E0714F327D",
"versionEndIncluding": "8.0.1.6",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance 7.0.0, desde la versi\u00f3n 8.0.0 hasta la 8.0.1.6 y desde la 9.0.0 hasta la 9.0.3.1 revela informaci\u00f3n sensible a usuarios no autorizados. Esta informaci\u00f3n puede emplearse para ejecutar m\u00e1s ataques en el sistema. IBM X-Force ID: 128606."
}
],
"id": "CVE-2017-1474",
"lastModified": "2024-11-21T03:21:55.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-06T17:29:00.263",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012329"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104476"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1476
Vulnerability from fkie_nvd - Published: 2018-06-06 17:29 - Updated: 2024-11-21 03:21
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012310 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/104501 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128610 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012310 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104501 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128610 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * | |
| ibm | security_access_manager_for_web | * | |
| ibm | security_access_manager_for_web | * | |
| ibm | security_access_manager_for_mobile | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F51B15B3-FE28-412E-97B5-4CF536074CD2",
"versionEndIncluding": "9.0.3.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A76B6ACA-0778-4513-9EE8-3AC0F4BEE571",
"versionEndIncluding": "7.0.0.32",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D009088C-AD9E-4C49-944D-05E0714F327D",
"versionEndIncluding": "8.0.1.6",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA90E65-CDC9-416D-B0D8-8A0816DCA4BC",
"versionEndIncluding": "8.0.1.6",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 7.0.0, desde la versi\u00f3n 8.0.0 hasta la 8.0.1.6 y desde la 9.0.0 hasta la 9.0.3.1 podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n sensible, provocado por la imposibilidad de habilitar correctamente HTTP Strict Transport Security. Un atacante podr\u00eda explotar esta vulnerabilidad para obtener informaci\u00f3n sensible empleando t\u00e9cnicas man-in-the-Middle (MitM). IBM X-Force ID: 128610."
}
],
"id": "CVE-2017-1476",
"lastModified": "2024-11-21T03:21:55.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-06T17:29:00.327",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012310"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104501"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128610"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1480
Vulnerability from fkie_nvd - Published: 2018-06-06 17:29 - Updated: 2024-11-21 03:21
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012309 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/104471 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128617 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012309 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104471 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128617 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_access_manager | * | |
| ibm | security_access_manager_for_web | * | |
| ibm | security_access_manager_for_mobile | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F51B15B3-FE28-412E-97B5-4CF536074CD2",
"versionEndIncluding": "9.0.3.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D009088C-AD9E-4C49-944D-05E0714F327D",
"versionEndIncluding": "8.0.1.6",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA90E65-CDC9-416D-B0D8-8A0816DCA4BC",
"versionEndIncluding": "8.0.1.6",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance desde la versi\u00f3n 8.0.0 hasta la 8.0.1.6 y desde la 9.0.0 hasta la 9.0.3.1 almacena informaci\u00f3n potencialmente sensible en archivos de registro que podr\u00edan ser le\u00eddos por un usuario remoto. IBM X-Force ID: 128617."
}
],
"id": "CVE-2017-1480",
"lastModified": "2024-11-21T03:21:56.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-06T17:29:00.390",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012309"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104471"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128617"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1473
Vulnerability from fkie_nvd - Published: 2018-04-23 13:29 - Updated: 2024-11-21 03:21
Severity ?
Summary
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012268 | Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128605 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012268 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128605 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB40FA5B-56C0-4F30-B1FF-4AE319342216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B5235B-7CB8-4BED-A621-A07E41DBC9C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E742D56D-85BB-4389-9852-8071437D4482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "88D66204-3C44-4CA6-996B-AD3BFD3370DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE0F597-8CD6-4E07-9F06-6F8471586D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "585E5EC5-4614-47BD-8526-4E74B9F7FC3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B63033A8-07D0-49C0-9C52-004D0A531ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "64E4F115-166B-455C-A9F9-C41F2C1E7F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1BCC4761-86E0-44C8-A267-BB346CFFC1FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "502A2DA1-6D96-4FF5-9879-A2872485CBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DB020561-2D4E-4F20-99B0-E8E12E014284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A346626B-8FD3-46E5-A233-9B7481F5CB01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "266A82C7-1172-417D-A7CA-0CA7C393347E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3848FA8-8B62-42D4-BB98-D3CB19F0FDDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11C93808-34DD-4728-860C-8DE54F6D127F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F763BDC-4AF6-4A73-836A-D49724BA2BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8CCBD9-0284-4FC9-97AA-026692065431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B78F5BA3-A644-40A2-8254-BBB976486359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC7C0967-F5DC-43BA-AB23-F74F6CF5D934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A47C7F1-18B0-486D-898E-14E2EE5596DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6C6169-E124-486A-BD13-E4CFCAC5CFFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17C6D6A0-52F4-49F7-AF57-C32BCF7E9A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C2310A59-7BA2-450F-95E7-E90B9FB90B9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8219A4-7426-4585-B54D-B1A46229DD62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF31C09C-F6BD-4283-A183-F0EE896733C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9795ED-23D5-4792-A8E8-3014E48DC67F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CEF9594-C2A9-4D2C-9D55-DBFDD5E5EC7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84C682FD-1176-4D21-AB41-6F3FDB6E5428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D58EA8-CB22-47AD-965E-35C46F2369AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A42F3AC0-9DA3-4DEE-ADB7-0ED69FC77B6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "956D8D10-495A-4DF1-B014-87E7E2F57748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "282521FB-EA6A-4BAA-8BBE-9A0D66AA2186",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8ADF36-1217-474C-BB54-F5658F63EA87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:security_access_manager_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAC9E6E2-005E-4EC3-87A0-AF1A7E7B3F6E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance 8.0.0 hasta 8.0.1.6 y 9.0.0 hasta la 9.0.3.1 emplea algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir que un atacante descifre informaci\u00f3n altamente sensible. IBM X-Force ID: 128605."
}
],
"id": "CVE-2017-1473",
"lastModified": "2024-11-21T03:21:55.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-23T13:29:00.247",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012268"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128605"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1534
Vulnerability from fkie_nvd - Published: 2018-01-10 17:29 - Updated: 2024-11-21 03:22
Severity ?
Summary
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22008936 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/102509 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1040169 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/130676 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22008936 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102509 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040169 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/130676 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB40FA5B-56C0-4F30-B1FF-4AE319342216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B5235B-7CB8-4BED-A621-A07E41DBC9C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E742D56D-85BB-4389-9852-8071437D4482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "88D66204-3C44-4CA6-996B-AD3BFD3370DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE0F597-8CD6-4E07-9F06-6F8471586D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "585E5EC5-4614-47BD-8526-4E74B9F7FC3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B63033A8-07D0-49C0-9C52-004D0A531ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "64E4F115-166B-455C-A9F9-C41F2C1E7F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1BCC4761-86E0-44C8-A267-BB346CFFC1FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "502A2DA1-6D96-4FF5-9879-A2872485CBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DB020561-2D4E-4F20-99B0-E8E12E014284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A346626B-8FD3-46E5-A233-9B7481F5CB01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "266A82C7-1172-417D-A7CA-0CA7C393347E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C0454A-1A09-4EED-8A94-F07F44B7A098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B93CED0-E8FA-4238-8963-46074D11A334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "907BB0CF-D270-4493-8D61-9841E6C5FE45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E0801BD2-D95B-4703-9804-A555F9E7BA19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "525EF7EC-712E-4C84-A15C-B2A30BD11A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EE90667-0C16-4E4B-98DC-A6AD7A073D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA8844A0-17D5-4EE9-85C4-518DACE7C9D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D646B2-7308-43A0-AE76-873946FB024E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4B1988E5-DFE6-4282-B9D3-6655297B481B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEF4063-73D7-416D-AD21-CDC1C0534677",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A8DFC0D0-2326-40CA-B4CC-65194566DA98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1A180463-EDE0-47DB-A031-979E73AA2A33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9795ED-23D5-4792-A8E8-3014E48DC67F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CEF9594-C2A9-4D2C-9D55-DBFDD5E5EC7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84C682FD-1176-4D21-AB41-6F3FDB6E5428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D58EA8-CB22-47AD-965E-35C46F2369AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A42F3AC0-9DA3-4DEE-ADB7-0ED69FC77B6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "956D8D10-495A-4DF1-B014-87E7E2F57748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "282521FB-EA6A-4BAA-8BBE-9A0D66AA2186",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:security_access_manager_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAC9E6E2-005E-4EC3-87A0-AF1A7E7B3F6E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance en sus versiones 8.0.0 y 9.0.0 podr\u00eda permitir que un atacante remoto lleve a cabo ataques de phishing empleando un ataque de redirecci\u00f3n abierta. Al persuadir a una v\u00edctima para que visite un sitio web especialmente manipulado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para suplantar la URL mostrada y redirigir al usuario a un sitio web malicioso que, a priori, parecer\u00eda de confianza. Esto podr\u00eda permitir que el atacante obtuviese informaci\u00f3n sumamente sensible o que llevase a cabo m\u00e1s ataques contra la v\u00edctima. IBM X-Force ID: 130676."
}
],
"id": "CVE-2017-1534",
"lastModified": "2024-11-21T03:22:02.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-10T17:29:01.110",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008936"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102509"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040169"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1459
Vulnerability from fkie_nvd - Published: 2018-01-10 17:29 - Updated: 2024-11-21 03:21
Severity ?
Summary
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012331 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1040170 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128378 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012331 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040170 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128378 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35BD8955-4735-4FDC-906A-B404C4E36417",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C5EBB4D-36F8-453C-9D2C-A63490144596",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6921A2CC-67D0-41B5-908B-F002C14AFD70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "506C4B29-BC71-4C56-BAB1-06E63BEB1DD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5B95177-2AA3-45D4-895D-56CA35B32813",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378."
},
{
"lang": "es",
"value": "IBM Security Access Manager Appliance 8.0.0 y 9.0.0 especifica permisos para un recurso cr\u00edtico para la seguridad de forma que permite que ese recurso sea le\u00eddo o modificado por actores no planeados. IBM X-Force ID: 128378."
}
],
"id": "CVE-2017-1459",
"lastModified": "2024-11-21T03:21:54.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-10T17:29:00.750",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012331"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040170"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128378"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1489
Vulnerability from fkie_nvd - Published: 2017-08-29 01:35 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22006959 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/100592 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1039227 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128687 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22006959 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100592 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039227 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128687 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7CAE25B3-55F6-4D93-9110-26323F5D6CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB8C962-AAEA-4005-BC6B-7768310295E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86E64D67-84B1-4B22-B68C-AAFA68149206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B0FD7F-8007-41F8-A0B3-0C11B9F6D2BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7255EFB-AE47-45E9-853E-5242D350A04E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26F1E4CC-0FE8-4D18-9507-74131B8F21E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "624215F6-12DE-42B5-98AE-29F30C759690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B57D6417-ECB7-4A02-8C01-6E85087AD073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "92FF03BE-E1FC-491A-BBA5-0C67B9EC0F1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9B9EFD7C-D827-4079-BBA5-38601F1DA571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C54E2A37-F451-4109-A367-A35D38D8E44C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "24BBDD80-3EBA-4F5E-89BC-4107431B813F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2826D12C-893B-4045-98C0-60FDBB5EC252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1678A4B5-E2BB-41A2-9238-D0D34B189D1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B4412073-8390-46B3-94A6-20D7B8075838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0AE0FD-6595-4132-8715-D2B859B04EB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "4256CF5F-8B99-4C5D-B67B-840DE56412EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA0D2F3-31B5-4AF8-B6E0-6795A240F094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "37632E93-91AA-47A6-9EF7-EB5A6FC4B843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "937C104A-74B7-4FC4-B436-42C14C4E4339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "E4449E78-A1A2-423C-A9A4-5AB8ED7B1D3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "32B351D1-5DB8-4C6D-8CA8-C22E6DE66D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "FC8671CD-4FEA-4408-B594-ED8B7BD8543F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB5C09B-0681-42A1-AF82-15E91CD94787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "1083BB5E-C153-46D1-8FEE-63AEB52B5546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "59231981-02BF-4998-A86F-BFF6B4B79CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "E912624A-33B5-4AF5-96DB-292C14B0A37D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "DB434802-50F4-4FCB-B674-C92FC5046140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A0553613-6429-4202-B9F1-CB2F58412D82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "EC68FC7C-F67D-44C7-AAA7-ECD2DB27C286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7D529E-724A-4AC6-91AA-9C771C980471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "12664D6B-1DF6-455E-99CB-08AF7A3C926E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDBFAE1-351E-4E9F-877E-E9BBB50FCFF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE91D383-8FCF-4352-9DE4-306F99171785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "318A64DE-04E9-4A55-85D7-1079EECD7175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8961882B-0715-4B61-8343-9225BDDBC9E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "699C6485-0FA4-47EE-9081-0332D0B1F8AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6165F468-26EE-4AA7-B806-007F78AFD754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "25C01EE0-7BE2-420C-B538-A15589D9A019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFB52D6-9F29-49C1-83CC-CE662253488B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B247D8-4BEC-41BC-822E-5C31A8AECCAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32A31D-266C-47D9-B11D-3C2DAEF6A025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8D32BB3A-3404-4B3B-AEBF-BF40B0CDC426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2958706F-D4E1-41C0-A341-2E045A110E68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4E149CF2-75F4-43E8-9B1C-657D95403AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "FE300627-1032-405E-96CC-B8CDF03C2326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "745799EB-8664-40D6-907B-9B8F640860E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "097C64C6-9C0E-463A-8EEB-2906D9131887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "CEF8D79D-0859-4943-A3A9-0C2F4183A9B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8F491FA5-27ED-454B-850E-76DF60960D69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "24610D16-7235-4EE2-AF20-AAAFCDF749D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "DB4406DA-9DC1-4F76-9D2B-BE5BD8FB31F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7E8F5B-743B-4778-B096-1A2F950A31BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "3930684E-FA31-42CB-8750-097ABEBE643B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "7B733C54-4DDA-4491-A6A0-F07D7D879900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "3F34676D-8537-4C7A-9C25-EF6973C0AD81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "1A8CB2D8-D1EC-429B-8C8B-48AF082C5FD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B0FF96-BF36-40A7-99B5-9904785D4A7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.26:*:*:*:*:*:*:*",
"matchCriteriaId": "E08CB452-3475-4143-AD28-550E130A33B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.27:*:*:*:*:*:*:*",
"matchCriteriaId": "4D86E921-FF6A-4045-B853-0D6F86BF2475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.28:*:*:*:*:*:*:*",
"matchCriteriaId": "B582DA4C-9457-4EDD-A47B-66DB213198AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.29:*:*:*:*:*:*:*",
"matchCriteriaId": "575D7BEE-0DB2-435D-844E-387590EF087A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "4D9BAD4E-9F38-4AB7-A566-834A97CD1A86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BACDCBD6-EEF3-4259-9866-A89105AA4C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "536755AC-3FA7-4FA4-8CA3-0E1D4CB0FB43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68DB06C6-84B3-4DC6-AEE9-9DA49715A3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B894B409-DC42-4FA4-8864-387635B55F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B52B9A91-EDAF-43CC-A271-02ADCD691875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F740591-A399-49AC-911B-9ADD117B5BEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EB9A2D-0ABF-46C3-A742-959CC39070DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4B832D0A-923B-4F4B-9F81-BA1BA2E7A920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F4EA2E35-08D1-4A2F-8941-0C87DF1BFC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A953FA93-A982-4104-8D6A-685E53613691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BE0028F4-5A36-4597-9830-46CFE5CF2EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FE607CA8-FB8A-4373-A345-822D5ABEA408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB32198-9382-43CC-9079-08D2162B4C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4336D4DD-5DE4-441E-B852-A2E1409953CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FDCBBC83-DCE2-4522-9808-8EFA63485388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "66159D17-FAB8-408A-90FA-62E9F840B568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0D79656C-0F25-4647-BE54-AAF0336C7BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "940F82D3-5809-42DC-92B5-F699C34F6996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "6994DE96-2967-4C7C-A896-B68E064C41C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "55734E7A-D2CA-490F-8BAC-F47CE1A2F3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "E9047D70-83D3-4D45-8A16-4299A0D06D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "65F66744-ABFA-4EB1-ACFB-FF88E0F20BBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "33C28A38-46FA-4878-9F03-D9ACB510ED88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2EC653-CE7B-45A2-AB9F-F760646A4682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "94EF01E4-FBF5-4AF5-A6E8-BECF6052F72F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0E063D-2C5E-4619-9176-9D28716BEDC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "CC30B443-ACDB-4D10-88F2-07DAF8684C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "E843FD37-844C-4359-9465-30C95B5F0831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE19EBF-68CA-4075-9A6D-B3DB7FF5DB6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "D424803C-85C3-4860-B842-93B98554070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "DC489116-D486-4388-8E93-E6E98EA81868",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53A3B2B3-52B4-4086-9092-364649265F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E24ACD0C-D825-4B2B-9483-66F0B815CB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD382BC-2AA1-448E-BC8E-CAB2408995BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "23A074B8-A709-44F1-9CB9-7BF2590989C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F73936C-442D-4857-99B3-605E55D82833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "54243412-CB97-4752-A31A-3CB6A757E495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BD9CF344-C187-4D60-8C90-2FB459883D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "97AF8910-3F9A-407F-9834-B57D5807693D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB1BA86-C809-414E-8F58-2B6101518FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1634D4-28AB-4F12-B5FB-D32742F5836B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA35BD4-8738-47D3-A8F0-F9ABE4AEB985",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "344FE134-DE7B-4925-875E-097DD0AB9AC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "674FFA61-8F2A-43FB-BF51-68700698703C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "332D3784-C24E-45A7-880B-0C4A32687B69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0738FC-EAC8-45C4-ADA9-06DBE3D9EADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "837D32E7-CFB7-462B-8479-E9811C149775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A7BE362F-72B3-481A-ABF4-4A36F4535F55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "C73DE810-1D11-4480-AF62-DC37F22DCC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "31D161F8-D61A-40DF-AA14-5256DD394082",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "154B6E05-54C8-4271-A904-21CA6A2E6F6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6389F03A-3547-44B1-9603-947735FC31B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "E2735E77-B9ED-4608-AFA5-969E039C82F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "0C58102A-8817-4656-AB85-07D60CB2D10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "461046D0-29C2-4152-B4D2-C60E9A04EE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "99EB7777-7CA5-41CB-98BC-AFC254E02C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "0CFFABA7-86BD-4201-89F9-0F61E673DB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "F472F171-9FF2-4C44-AF5B-9CBA19E62A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "5675CDEE-09CB-49D9-8C71-0CD71238129F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "69978C3B-708B-4CDC-8FA0-65A98F2223E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "74CAA03E-DE79-4527-918D-EA219DC2DA84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB312B8-7B65-4CE9-B399-2896450B5647",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6A4AD958-FDB2-4F63-AD4F-C88B33BFA692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "397073E9-9696-4B4C-926D-668EA4A52E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "643E7B97-17AB-4209-804E-79E94F3D671F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F807870-4976-43E1-89BE-F08DEEE109CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2B3E49D-08E6-44CF-B034-D155247B5DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F50A5E-111B-4CF6-A531-FE88E7735140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D54372BE-6201-48AB-A720-F29E931E52B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BCCE958E-6DFA-403E-B251-F5BA7825A546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA2F71C-E15F-4729-A0D9-C8C116819546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39017599-E63F-4101-8D37-62D9B0CE6917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB037932-234B-41AD-8119-D964796ADDFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA1DA71-91C8-4989-98B9-E924ED7B272A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F884817-A712-4A89-B199-2E2483CD8363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "52F627D1-6FB4-47A2-817D-F9EC914DAC51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6C428319-FFE3-4365-ABFE-1E6D1CABC0C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "79613B00-9B72-43BB-A42A-3BB191021ED7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF1B0C02-D5D9-4F10-9120-C76D39D5C323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44310E32-EA05-420B-8676-4E6EEAFB6631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B93CED0-E8FA-4238-8963-46074D11A334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "907BB0CF-D270-4493-8D61-9841E6C5FE45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E0801BD2-D95B-4703-9804-A555F9E7BA19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "525EF7EC-712E-4C84-A15C-B2A30BD11A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EE90667-0C16-4E4B-98DC-A6AD7A073D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "049DD26B-9CF5-4E0C-812E-76A1224A15FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "909073A4-C6D5-47D7-911F-C855DB693EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A523C406-D64C-4CE6-8CBE-34D4C060E0C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "707F0FE4-EC91-44FF-AA21-1E2A99AC5C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D646B2-7308-43A0-AE76-873946FB024E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4B1988E5-DFE6-4282-B9D3-6655297B481B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEF4063-73D7-416D-AD21-CDC1C0534677",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A8DFC0D0-2326-40CA-B4CC-65194566DA98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1A180463-EDE0-47DB-A031-979E73AA2A33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF57E01-A333-49D7-8B25-D65B66410DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B67748-2677-44E7-B43D-857EBCA926C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AEE420D-4686-4C58-B77A-2E509983F4C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C9CD3B-A25E-4DD1-9955-39E6E1EB4DC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA399A01-351E-4587-9B0B-804452F09832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC682158-A8A0-4D2D-9ACD-ADF4093B7ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.3.0:if1:*:*:*:*:*:*",
"matchCriteriaId": "A483F61A-0DAC-43DB-B69B-37A6207C1CF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687."
},
{
"lang": "es",
"value": "Las configuraciones e-community de IBM Security Access Manager 6.1, 7.0, 8.0, y 9.0 podr\u00edan estar afectadas por una vulnerabilidad de redirecci\u00f3n. ECSSO Master Authentication puede redireccionar a un servidor que no participa en un dominio e-community. IBM X-Force ID: 128687."
}
],
"id": "CVE-2017-1489",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-29T01:35:13.517",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100592"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039227"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-5919
Vulnerability from fkie_nvd - Published: 2017-02-16 20:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A5ACB34-BC23-4175-9F6A-91FB6762A040",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7844D23-8DAB-4A9A-B0D4-734DF8FBFE02",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35BD8955-4735-4FDC-906A-B404C4E36417",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C5EBB4D-36F8-453C-9D2C-A63490144596",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6921A2CC-67D0-41B5-908B-F002C14AFD70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "506C4B29-BC71-4C56-BAB1-06E63BEB1DD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5B95177-2AA3-45D4-895D-56CA35B32813",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868."
},
{
"lang": "es",
"value": "IBM Security Access Manager for Web 7.0.0, 8.0.0 y 9.0.0 utiliza algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente sensible. Referencia de IBM: 1996868."
}
],
"id": "CVE-2016-5919",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-16T20:59:00.130",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996868"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1037855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037855"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-5013
Vulnerability from fkie_nvd - Published: 2017-02-08 19:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21993722 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/96090 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1037792 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21993722 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96090 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037792 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35BD8955-4735-4FDC-906A-B404C4E36417",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C5EBB4D-36F8-453C-9D2C-A63490144596",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6921A2CC-67D0-41B5-908B-F002C14AFD70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "506C4B29-BC71-4C56-BAB1-06E63BEB1DD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5B95177-2AA3-45D4-895D-56CA35B32813",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:security_access_manager_9.0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F86981E3-B9F4-4C49-AFF3-07E6C3FFD452",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access."
},
{
"lang": "es",
"value": "El aparato IBM Security Access Manager incluye archivos de configuraci\u00f3n que contienen contrase\u00f1as de texto claro obfuscadas a las que pueden acceder usuarios autenticados."
}
],
"id": "CVE-2015-5013",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-08T19:59:00.213",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993722"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96090"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037792"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037792"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-3020
Vulnerability from fkie_nvd - Published: 2017-02-07 16:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21996826 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21996826 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A5ACB34-BC23-4175-9F6A-91FB6762A040",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7844D23-8DAB-4A9A-B0D4-734DF8FBFE02",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35BD8955-4735-4FDC-906A-B404C4E36417",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C5EBB4D-36F8-453C-9D2C-A63490144596",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6921A2CC-67D0-41B5-908B-F002C14AFD70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "506C4B29-BC71-4C56-BAB1-06E63BEB1DD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5B95177-2AA3-45D4-895D-56CA35B32813",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content."
},
{
"lang": "es",
"value": "IBM Security Access Manager para Web 7.0.0, 8.0.0 y 9.0.0 podr\u00eda permitir a un atacante remoto eludir las restricciones de seguridad, causada por la validaci\u00f3n del contenido indebido. Al persuadir a una v\u00edctima para abrir contenido especialmente manipulado, un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir la validaci\u00f3n y cargar una p\u00e1gina con contenido malicioso."
}
],
"id": "CVE-2016-3020",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-07T16:59:00.150",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996826"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-1476 (GCVE-0-2017-1476)
Vulnerability from cvelistv5 – Published: 2018-06-06 17:00 – Updated: 2024-09-16 23:01
VLAI?
Summary
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Affected:
9.0.0.1
Affected: 7.0.0 Affected: 8.0.0 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 9.0.0 Affected: 9.0.1.0 Affected: 9.0.2.0 Affected: 8.0.1.5 Affected: 9.0.2.1 Affected: 9.0.3 Affected: 9.0.3.1 Affected: 8.0.1.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012310"
},
{
"name": "ibm-sam-cve20171476-info-disc(128610)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128610"
},
{
"name": "104501",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104501"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "9.0.2.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.3.1"
},
{
"status": "affected",
"version": "8.0.1.6"
}
]
}
],
"datePublic": "2018-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012310"
},
{
"name": "ibm-sam-cve20171476-info-disc(128610)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128610"
},
{
"name": "104501",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104501"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-06-04T00:00:00",
"ID": "CVE-2017-1476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "7.0.0"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.3.1"
},
{
"version_value": "8.0.1.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012310",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012310"
},
{
"name": "ibm-sam-cve20171476-info-disc(128610)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128610"
},
{
"name": "104501",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104501"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1476",
"datePublished": "2018-06-06T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T23:01:51.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1474 (GCVE-0-2017-1474)
Vulnerability from cvelistv5 – Published: 2018-06-06 17:00 – Updated: 2024-09-17 01:06
VLAI?
Summary
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Affected:
9.0.0.1
Affected: 7.0.0 Affected: 8.0.0 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 9.0.0 Affected: 9.0.1.0 Affected: 9.0.2.0 Affected: 8.0.1.5 Affected: 9.0.2.1 Affected: 9.0.3 Affected: 9.0.3.1 Affected: 8.0.1.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-sam-cve20171474-info-disc(128606)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012329"
},
{
"name": "104476",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104476"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "9.0.2.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.3.1"
},
{
"status": "affected",
"version": "8.0.1.6"
}
]
}
],
"datePublic": "2018-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-18T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-sam-cve20171474-info-disc(128606)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012329"
},
{
"name": "104476",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104476"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-06-04T00:00:00",
"ID": "CVE-2017-1474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "7.0.0"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.3.1"
},
{
"version_value": "8.0.1.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sam-cve20171474-info-disc(128606)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012329",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012329"
},
{
"name": "104476",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104476"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1474",
"datePublished": "2018-06-06T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T01:06:25.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1480 (GCVE-0-2017-1480)
Vulnerability from cvelistv5 – Published: 2018-06-06 17:00 – Updated: 2024-09-16 23:30
VLAI?
Summary
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Affected:
9.0.0.1
Affected: 8.0.0 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 9.0.0 Affected: 9.0.1.0 Affected: 9.0.2.0 Affected: 8.0.1.5 Affected: 9.0.2.1 Affected: 9.0.3 Affected: 9.0.3.1 Affected: 8.0.1.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:30.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012309"
},
{
"name": "ibm-sam-cve20171480-info-disc(128617)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128617"
},
{
"name": "104471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104471"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "9.0.2.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.3.1"
},
{
"status": "affected",
"version": "8.0.1.6"
}
]
}
],
"datePublic": "2018-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-18T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012309"
},
{
"name": "ibm-sam-cve20171480-info-disc(128617)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128617"
},
{
"name": "104471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104471"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-06-04T00:00:00",
"ID": "CVE-2017-1480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.3.1"
},
{
"version_value": "8.0.1.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012309",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012309"
},
{
"name": "ibm-sam-cve20171480-info-disc(128617)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128617"
},
{
"name": "104471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104471"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1480",
"datePublished": "2018-06-06T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T23:30:56.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1473 (GCVE-0-2017-1473)
Vulnerability from cvelistv5 – Published: 2018-04-23 13:00 – Updated: 2024-09-16 22:35
VLAI?
Summary
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Affected:
9.0.0.1
Affected: 8.0.0 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 9.0.0 Affected: 9.0.1.0 Affected: 9.0.2.0 Affected: 8.0.1.5 Affected: 9.0.2.1 Affected: 9.0.3 Affected: 9.0.3.1 Affected: 8.0.1.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-sam-cve20171473-info-disc(128605)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128605"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012268"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "9.0.2.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.3.1"
},
{
"status": "affected",
"version": "8.0.1.6"
}
]
}
],
"datePublic": "2018-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-23T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-sam-cve20171473-info-disc(128605)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128605"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012268"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-04-16T00:00:00",
"ID": "CVE-2017-1473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.3.1"
},
{
"version_value": "8.0.1.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sam-cve20171473-info-disc(128605)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128605"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012268",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012268"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1473",
"datePublished": "2018-04-23T13:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T22:35:34.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1534 (GCVE-0-2017-1534)
Vulnerability from cvelistv5 – Published: 2018-01-10 17:00 – Updated: 2024-09-17 00:05
VLAI?
Summary
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Affected:
9.0.0.1
Affected: 8.0.0 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 9.0.0 Affected: 9.0.1.0 Affected: 9.0.2.0 Affected: 8.0.1.5 Affected: 9.0.2.1 Affected: 9.0.3 Affected: 8.0.1.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008936"
},
{
"name": "1040169",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040169"
},
{
"name": "102509",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102509"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "9.0.2.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "8.0.1.6"
}
]
}
],
"datePublic": "2018-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-16T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008936"
},
{
"name": "1040169",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040169"
},
{
"name": "102509",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102509"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-05T00:00:00",
"ID": "CVE-2017-1534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "8.0.1.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22008936",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008936"
},
{
"name": "1040169",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040169"
},
{
"name": "102509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102509"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1534",
"datePublished": "2018-01-10T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T00:05:31.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1459 (GCVE-0-2017-1459)
Vulnerability from cvelistv5 – Published: 2018-01-10 17:00 – Updated: 2024-09-17 00:07
VLAI?
Summary
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Affected:
9.0.0.1
Affected: 8.0.0 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 9.0.0 Affected: 9.0.1.0 Affected: 9.0.2.0 Affected: 8.0.1.5 Affected: 9.0.2.1 Affected: 9.0.3 Affected: 9.0.3.1 Affected: 8.0.1.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:30.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040170",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040170"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012331"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128378"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "9.0.2.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.3.1"
},
{
"status": "affected",
"version": "8.0.1.6"
}
]
}
],
"datePublic": "2018-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-12T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1040170",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040170"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012331"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128378"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-05T00:00:00",
"ID": "CVE-2017-1459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.3.1"
},
{
"version_value": "8.0.1.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040170",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040170"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012331",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012331"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128378",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128378"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1459",
"datePublished": "2018-01-10T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T00:07:01.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1489 (GCVE-0-2017-1489)
Vulnerability from cvelistv5 – Published: 2017-08-28 20:00 – Updated: 2024-09-16 23:31
VLAI?
Summary
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager for Web |
Affected:
6.1
Affected: 6.1.1 Affected: 7.0 Affected: 8.0 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.0.1 Affected: 8.0.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 9.0 Affected: 9.0.0.1 Affected: 9.0.1 Affected: 8.0.1.4 Affected: 8.0.1.5 Affected: 9.0.2 Affected: 9.0.2.1 Affected: 9.0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
},
{
"name": "100592",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100592"
},
{
"name": "1039227",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039227"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager for Web",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "9.0.2"
},
{
"status": "affected",
"version": "9.0.2.1"
},
{
"status": "affected",
"version": "9.0.3"
}
]
}
],
"datePublic": "2017-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-05T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
},
{
"name": "100592",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100592"
},
{
"name": "1039227",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039227"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-23T00:00:00",
"ID": "CVE-2017-1489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager for Web",
"version": {
"version_data": [
{
"version_value": "6.1"
},
{
"version_value": "6.1.1"
},
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.1"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "9.0.2"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
},
{
"name": "100592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100592"
},
{
"name": "1039227",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039227"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006959",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1489",
"datePublished": "2017-08-28T20:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T23:31:41.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5919 (GCVE-0-2016-5919)
Vulnerability from cvelistv5 – Published: 2017-02-16 20:00 – Updated: 2024-08-06 01:15
VLAI?
Summary
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Access Manager |
Affected:
9.0
Affected: 9.0.0.1 Affected: 9.0.1 Affected: 7.0.0 Affected: 8.0.0 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 9.0.0 Affected: 9.0.1.0 Affected: 9.0.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:10.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1037855",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037855"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996868"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
}
]
}
],
"datePublic": "2017-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-24T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1037855",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037855"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996868"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-5919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.1"
},
{
"version_value": "7.0.0"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037855",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037855"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21996868",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996868"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-5919",
"datePublished": "2017-02-16T20:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:15:10.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5013 (GCVE-0-2015-5013)
Vulnerability from cvelistv5 – Published: 2017-02-08 19:00 – Updated: 2024-08-06 06:32
VLAI?
Summary
The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Access Manager |
Affected:
9.0
Affected: 9.0.0.1 Affected: 9.0.1 Affected: 7.0.0 Affected: 8.0.0 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 9.0.0 Affected: 9.0.1.0 Affected: 9.0.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:31.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96090",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96090"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993722"
},
{
"name": "1037792",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037792"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
}
]
}
],
"datePublic": "2017-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-24T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "96090",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96090"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993722"
},
{
"name": "1037792",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037792"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-5013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.1"
},
{
"version_value": "7.0.0"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96090"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21993722",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993722"
},
{
"name": "1037792",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037792"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-5013",
"datePublished": "2017-02-08T19:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:31.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3020 (GCVE-0-2016-3020)
Vulnerability from cvelistv5 – Published: 2017-02-07 16:00 – Updated: 2024-08-05 23:40
VLAI?
Summary
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content.
Severity ?
No CVSS data available.
CWE
- Bypass Security
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Access Manager |
Affected:
9.0
Affected: 9.0.0.1 Affected: 9.0.1 Affected: 7.0.0 Affected: 8.0.0 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 9.0.0 Affected: 9.0.1.0 Affected: 9.0.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:14.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996826"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
}
]
}
],
"datePublic": "2017-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass Security",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996826"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.1"
},
{
"version_value": "7.0.0"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21996826",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996826"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-3020",
"datePublished": "2017-02-07T16:00:00",
"dateReserved": "2016-03-09T00:00:00",
"dateUpdated": "2024-08-05T23:40:14.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1476 (GCVE-0-2017-1476)
Vulnerability from nvd – Published: 2018-06-06 17:00 – Updated: 2024-09-16 23:01
VLAI?
Summary
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Affected:
9.0.0.1
Affected: 7.0.0 Affected: 8.0.0 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 9.0.0 Affected: 9.0.1.0 Affected: 9.0.2.0 Affected: 8.0.1.5 Affected: 9.0.2.1 Affected: 9.0.3 Affected: 9.0.3.1 Affected: 8.0.1.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012310"
},
{
"name": "ibm-sam-cve20171476-info-disc(128610)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128610"
},
{
"name": "104501",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104501"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "9.0.2.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.3.1"
},
{
"status": "affected",
"version": "8.0.1.6"
}
]
}
],
"datePublic": "2018-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-20T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012310"
},
{
"name": "ibm-sam-cve20171476-info-disc(128610)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128610"
},
{
"name": "104501",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104501"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-06-04T00:00:00",
"ID": "CVE-2017-1476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "7.0.0"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.3.1"
},
{
"version_value": "8.0.1.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012310",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012310"
},
{
"name": "ibm-sam-cve20171476-info-disc(128610)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128610"
},
{
"name": "104501",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104501"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1476",
"datePublished": "2018-06-06T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T23:01:51.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1474 (GCVE-0-2017-1474)
Vulnerability from nvd – Published: 2018-06-06 17:00 – Updated: 2024-09-17 01:06
VLAI?
Summary
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Affected:
9.0.0.1
Affected: 7.0.0 Affected: 8.0.0 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 9.0.0 Affected: 9.0.1.0 Affected: 9.0.2.0 Affected: 8.0.1.5 Affected: 9.0.2.1 Affected: 9.0.3 Affected: 9.0.3.1 Affected: 8.0.1.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-sam-cve20171474-info-disc(128606)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012329"
},
{
"name": "104476",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104476"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "9.0.2.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.3.1"
},
{
"status": "affected",
"version": "8.0.1.6"
}
]
}
],
"datePublic": "2018-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-18T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-sam-cve20171474-info-disc(128606)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012329"
},
{
"name": "104476",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104476"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-06-04T00:00:00",
"ID": "CVE-2017-1474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "7.0.0"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.3.1"
},
{
"version_value": "8.0.1.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sam-cve20171474-info-disc(128606)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012329",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012329"
},
{
"name": "104476",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104476"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1474",
"datePublished": "2018-06-06T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T01:06:25.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1480 (GCVE-0-2017-1480)
Vulnerability from nvd – Published: 2018-06-06 17:00 – Updated: 2024-09-16 23:30
VLAI?
Summary
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Affected:
9.0.0.1
Affected: 8.0.0 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 9.0.0 Affected: 9.0.1.0 Affected: 9.0.2.0 Affected: 8.0.1.5 Affected: 9.0.2.1 Affected: 9.0.3 Affected: 9.0.3.1 Affected: 8.0.1.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:30.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012309"
},
{
"name": "ibm-sam-cve20171480-info-disc(128617)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128617"
},
{
"name": "104471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104471"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "9.0.2.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.3.1"
},
{
"status": "affected",
"version": "8.0.1.6"
}
]
}
],
"datePublic": "2018-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-18T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012309"
},
{
"name": "ibm-sam-cve20171480-info-disc(128617)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128617"
},
{
"name": "104471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104471"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-06-04T00:00:00",
"ID": "CVE-2017-1480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.3.1"
},
{
"version_value": "8.0.1.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012309",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012309"
},
{
"name": "ibm-sam-cve20171480-info-disc(128617)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128617"
},
{
"name": "104471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104471"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1480",
"datePublished": "2018-06-06T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T23:30:56.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1473 (GCVE-0-2017-1473)
Vulnerability from nvd – Published: 2018-04-23 13:00 – Updated: 2024-09-16 22:35
VLAI?
Summary
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Affected:
9.0.0.1
Affected: 8.0.0 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 9.0.0 Affected: 9.0.1.0 Affected: 9.0.2.0 Affected: 8.0.1.5 Affected: 9.0.2.1 Affected: 9.0.3 Affected: 9.0.3.1 Affected: 8.0.1.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-sam-cve20171473-info-disc(128605)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128605"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012268"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "9.0.2.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.3.1"
},
{
"status": "affected",
"version": "8.0.1.6"
}
]
}
],
"datePublic": "2018-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-23T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-sam-cve20171473-info-disc(128605)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128605"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012268"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-04-16T00:00:00",
"ID": "CVE-2017-1473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.3.1"
},
{
"version_value": "8.0.1.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sam-cve20171473-info-disc(128605)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128605"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012268",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012268"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1473",
"datePublished": "2018-04-23T13:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T22:35:34.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1534 (GCVE-0-2017-1534)
Vulnerability from nvd – Published: 2018-01-10 17:00 – Updated: 2024-09-17 00:05
VLAI?
Summary
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Affected:
9.0.0.1
Affected: 8.0.0 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 9.0.0 Affected: 9.0.1.0 Affected: 9.0.2.0 Affected: 8.0.1.5 Affected: 9.0.2.1 Affected: 9.0.3 Affected: 8.0.1.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008936"
},
{
"name": "1040169",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040169"
},
{
"name": "102509",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102509"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "9.0.2.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "8.0.1.6"
}
]
}
],
"datePublic": "2018-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-16T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008936"
},
{
"name": "1040169",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040169"
},
{
"name": "102509",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102509"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-05T00:00:00",
"ID": "CVE-2017-1534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "8.0.1.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22008936",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008936"
},
{
"name": "1040169",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040169"
},
{
"name": "102509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102509"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1534",
"datePublished": "2018-01-10T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T00:05:31.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1459 (GCVE-0-2017-1459)
Vulnerability from nvd – Published: 2018-01-10 17:00 – Updated: 2024-09-17 00:07
VLAI?
Summary
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager |
Affected:
9.0.0.1
Affected: 8.0.0 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 9.0.0 Affected: 9.0.1.0 Affected: 9.0.2.0 Affected: 8.0.1.5 Affected: 9.0.2.1 Affected: 9.0.3 Affected: 9.0.3.1 Affected: 8.0.1.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:30.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040170",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040170"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012331"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128378"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "9.0.2.1"
},
{
"status": "affected",
"version": "9.0.3"
},
{
"status": "affected",
"version": "9.0.3.1"
},
{
"status": "affected",
"version": "8.0.1.6"
}
]
}
],
"datePublic": "2018-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-12T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1040170",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040170"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012331"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128378"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-05T00:00:00",
"ID": "CVE-2017-1459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.3.1"
},
{
"version_value": "8.0.1.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040170",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040170"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012331",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012331"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128378",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128378"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1459",
"datePublished": "2018-01-10T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T00:07:01.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1489 (GCVE-0-2017-1489)
Vulnerability from nvd – Published: 2017-08-28 20:00 – Updated: 2024-09-16 23:31
VLAI?
Summary
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Access Manager for Web |
Affected:
6.1
Affected: 6.1.1 Affected: 7.0 Affected: 8.0 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.0.1 Affected: 8.0.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 9.0 Affected: 9.0.0.1 Affected: 9.0.1 Affected: 8.0.1.4 Affected: 8.0.1.5 Affected: 9.0.2 Affected: 9.0.2.1 Affected: 9.0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
},
{
"name": "100592",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100592"
},
{
"name": "1039227",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039227"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Security Access Manager for Web",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "9.0.2"
},
{
"status": "affected",
"version": "9.0.2.1"
},
{
"status": "affected",
"version": "9.0.3"
}
]
}
],
"datePublic": "2017-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-05T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
},
{
"name": "100592",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100592"
},
{
"name": "1039227",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039227"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-23T00:00:00",
"ID": "CVE-2017-1489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager for Web",
"version": {
"version_data": [
{
"version_value": "6.1"
},
{
"version_value": "6.1.1"
},
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.1"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "9.0.2"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
},
{
"name": "100592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100592"
},
{
"name": "1039227",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039227"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006959",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1489",
"datePublished": "2017-08-28T20:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T23:31:41.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5919 (GCVE-0-2016-5919)
Vulnerability from nvd – Published: 2017-02-16 20:00 – Updated: 2024-08-06 01:15
VLAI?
Summary
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Access Manager |
Affected:
9.0
Affected: 9.0.0.1 Affected: 9.0.1 Affected: 7.0.0 Affected: 8.0.0 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 9.0.0 Affected: 9.0.1.0 Affected: 9.0.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:10.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1037855",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037855"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996868"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
}
]
}
],
"datePublic": "2017-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-24T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1037855",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037855"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996868"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-5919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.1"
},
{
"version_value": "7.0.0"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037855",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037855"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21996868",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996868"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-5919",
"datePublished": "2017-02-16T20:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:15:10.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5013 (GCVE-0-2015-5013)
Vulnerability from nvd – Published: 2017-02-08 19:00 – Updated: 2024-08-06 06:32
VLAI?
Summary
The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Access Manager |
Affected:
9.0
Affected: 9.0.0.1 Affected: 9.0.1 Affected: 7.0.0 Affected: 8.0.0 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 9.0.0 Affected: 9.0.1.0 Affected: 9.0.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:31.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96090",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96090"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993722"
},
{
"name": "1037792",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037792"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
}
]
}
],
"datePublic": "2017-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-24T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "96090",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96090"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993722"
},
{
"name": "1037792",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037792"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-5013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.1"
},
{
"version_value": "7.0.0"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96090"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21993722",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993722"
},
{
"name": "1037792",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037792"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-5013",
"datePublished": "2017-02-08T19:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:31.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3020 (GCVE-0-2016-3020)
Vulnerability from nvd – Published: 2017-02-07 16:00 – Updated: 2024-08-05 23:40
VLAI?
Summary
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content.
Severity ?
No CVSS data available.
CWE
- Bypass Security
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Access Manager |
Affected:
9.0
Affected: 9.0.0.1 Affected: 9.0.1 Affected: 7.0.0 Affected: 8.0.0 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 9.0.0 Affected: 9.0.1.0 Affected: 9.0.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:14.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996826"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "9.0.1"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "9.0.0"
},
{
"status": "affected",
"version": "9.0.1.0"
},
{
"status": "affected",
"version": "9.0.2.0"
}
]
}
],
"datePublic": "2017-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass Security",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996826"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.1"
},
{
"version_value": "7.0.0"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21996826",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996826"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-3020",
"datePublished": "2017-02-07T16:00:00",
"dateReserved": "2016-03-09T00:00:00",
"dateUpdated": "2024-08-05T23:40:14.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}