Search criteria

24 vulnerabilities found for security_access_manager_for_web_appliance by ibm

FKIE_CVE-2017-1489

Vulnerability from fkie_nvd - Published: 2017-08-29 01:35 - Updated: 2025-04-20 01:37
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22006959Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/100592Third Party Advisory, VDB Entry
psirt@us.ibm.comhttp://www.securitytracker.com/id/1039227Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/128687VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22006959Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/100592Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039227Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/128687VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm tivoli_access_manager_for_e-business 6.1.0
ibm tivoli_access_manager_for_e-business 6.1.0.1
ibm tivoli_access_manager_for_e-business 6.1.0.2
ibm tivoli_access_manager_for_e-business 6.1.0.3
ibm tivoli_access_manager_for_e-business 6.1.0.4
ibm tivoli_access_manager_for_e-business 6.1.0.5
ibm tivoli_access_manager_for_e-business 6.1.0.6
ibm tivoli_access_manager_for_e-business 6.1.0.7
ibm tivoli_access_manager_for_e-business 6.1.0.8
ibm tivoli_access_manager_for_e-business 6.1.0.9
ibm tivoli_access_manager_for_e-business 6.1.0.10
ibm tivoli_access_manager_for_e-business 6.1.0.11
ibm tivoli_access_manager_for_e-business 6.1.0.12
ibm tivoli_access_manager_for_e-business 6.1.0.13
ibm tivoli_access_manager_for_e-business 6.1.0.14
ibm tivoli_access_manager_for_e-business 6.1.0.15
ibm tivoli_access_manager_for_e-business 6.1.0.16
ibm tivoli_access_manager_for_e-business 6.1.0.17
ibm tivoli_access_manager_for_e-business 6.1.0.18
ibm tivoli_access_manager_for_e-business 6.1.0.19
ibm tivoli_access_manager_for_e-business 6.1.0.20
ibm tivoli_access_manager_for_e-business 6.1.0.21
ibm tivoli_access_manager_for_e-business 6.1.0.22
ibm tivoli_access_manager_for_e-business 6.1.0.23
ibm tivoli_access_manager_for_e-business 6.1.0.24
ibm tivoli_access_manager_for_e-business 6.1.0.25
ibm tivoli_access_manager_for_e-business 6.1.0.26
ibm tivoli_access_manager_for_e-business 6.1.0.27
ibm tivoli_access_manager_for_e-business 6.1.0.28
ibm tivoli_access_manager_for_e-business 6.1.0.29
ibm tivoli_access_manager_for_e-business 6.1.0.30
ibm tivoli_access_manager_for_e-business 6.1.0.31
ibm tivoli_access_manager_for_e-business 6.1.1
ibm tivoli_access_manager_for_e-business 6.1.1.1
ibm tivoli_access_manager_for_e-business 6.1.1.2
ibm tivoli_access_manager_for_e-business 6.1.1.3
ibm tivoli_access_manager_for_e-business 6.1.1.4
ibm tivoli_access_manager_for_e-business 6.1.1.5
ibm tivoli_access_manager_for_e-business 6.1.1.6
ibm tivoli_access_manager_for_e-business 6.1.1.7
ibm tivoli_access_manager_for_e-business 6.1.1.8
ibm tivoli_access_manager_for_e-business 6.1.1.9
ibm tivoli_access_manager_for_e-business 6.1.1.10
ibm tivoli_access_manager_for_e-business 6.1.1.11
ibm tivoli_access_manager_for_e-business 6.1.1.12
ibm tivoli_access_manager_for_e-business 6.1.1.13
ibm tivoli_access_manager_for_e-business 6.1.1.14
ibm tivoli_access_manager_for_e-business 6.1.1.15
ibm tivoli_access_manager_for_e-business 6.1.1.16
ibm tivoli_access_manager_for_e-business 6.1.1.17
ibm tivoli_access_manager_for_e-business 6.1.1.18
ibm tivoli_access_manager_for_e-business 6.1.1.19
ibm tivoli_access_manager_for_e-business 6.1.1.20
ibm tivoli_access_manager_for_e-business 6.1.1.21
ibm tivoli_access_manager_for_e-business 6.1.1.22
ibm tivoli_access_manager_for_e-business 6.1.1.23
ibm tivoli_access_manager_for_e-business 6.1.1.24
ibm tivoli_access_manager_for_e-business 6.1.1.25
ibm tivoli_access_manager_for_e-business 6.1.1.26
ibm tivoli_access_manager_for_e-business 6.1.1.27
ibm tivoli_access_manager_for_e-business 6.1.1.28
ibm tivoli_access_manager_for_e-business 6.1.1.29
ibm tivoli_access_manager_for_e-business 6.1.1.30
ibm security_access_manager_for_web_software 7.0
ibm security_access_manager_for_web_software 7.0.0.1
ibm security_access_manager_for_web_software 7.0.0.2
ibm security_access_manager_for_web_software 7.0.0.3
ibm security_access_manager_for_web_software 7.0.0.4
ibm security_access_manager_for_web_software 7.0.0.5
ibm security_access_manager_for_web_software 7.0.0.6
ibm security_access_manager_for_web_software 7.0.0.7
ibm security_access_manager_for_web_software 7.0.0.8
ibm security_access_manager_for_web_software 7.0.0.9
ibm security_access_manager_for_web_software 7.0.0.10
ibm security_access_manager_for_web_software 7.0.0.11
ibm security_access_manager_for_web_software 7.0.0.12
ibm security_access_manager_for_web_software 7.0.0.13
ibm security_access_manager_for_web_software 7.0.0.14
ibm security_access_manager_for_web_software 7.0.0.15
ibm security_access_manager_for_web_software 7.0.0.16
ibm security_access_manager_for_web_software 7.0.0.17
ibm security_access_manager_for_web_software 7.0.0.18
ibm security_access_manager_for_web_software 7.0.0.19
ibm security_access_manager_for_web_software 7.0.0.20
ibm security_access_manager_for_web_software 7.0.0.21
ibm security_access_manager_for_web_software 7.0.0.22
ibm security_access_manager_for_web_software 7.0.0.23
ibm security_access_manager_for_web_software 7.0.0.24
ibm security_access_manager_for_web_software 7.0.0.25
ibm security_access_manager_for_web_software 7.0.0.26
ibm security_access_manager_for_web_software 7.0.0.27
ibm security_access_manager_for_web_software 7.0.0.28
ibm security_access_manager_for_web_software 7.0.0.29
ibm security_access_manager_for_web_software 7.0.0.30
ibm security_access_manager_for_web_appliance 7.0
ibm security_access_manager_for_web_appliance 7.0.0.1
ibm security_access_manager_for_web_appliance 7.0.0.2
ibm security_access_manager_for_web_appliance 7.0.0.3
ibm security_access_manager_for_web_appliance 7.0.0.4
ibm security_access_manager_for_web_appliance 7.0.0.5
ibm security_access_manager_for_web_appliance 7.0.0.6
ibm security_access_manager_for_web_appliance 7.0.0.7
ibm security_access_manager_for_web_appliance 7.0.0.8
ibm security_access_manager_for_web_appliance 7.0.0.9
ibm security_access_manager_for_web_appliance 7.0.0.10
ibm security_access_manager_for_web_appliance 7.0.0.11
ibm security_access_manager_for_web_appliance 7.0.0.12
ibm security_access_manager_for_web_appliance 7.0.0.13
ibm security_access_manager_for_web_appliance 7.0.0.14
ibm security_access_manager_for_web_appliance 7.0.0.15
ibm security_access_manager_for_web_appliance 7.0.0.16
ibm security_access_manager_for_web_appliance 7.0.0.17
ibm security_access_manager_for_web_appliance 7.0.0.18
ibm security_access_manager_for_web_appliance 7.0.0.19
ibm security_access_manager_for_web_appliance 7.0.0.20
ibm security_access_manager_for_web_appliance 7.0.0.21
ibm security_access_manager_for_web_appliance 7.0.0.22
ibm security_access_manager_for_web_appliance 7.0.0.23
ibm security_access_manager_for_web_appliance 7.0.0.24
ibm security_access_manager_for_web_appliance 7.0.0.25
ibm security_access_manager_for_web_appliance 7.0.0.26
ibm security_access_manager_for_web_appliance 7.0.0.27
ibm security_access_manager_for_web_appliance 7.0.0.28
ibm security_access_manager_for_web_appliance 7.0.0.29
ibm security_access_manager_for_web_appliance 7.0.0.30
ibm security_access_manager_for_web 8.0
ibm security_access_manager_for_web 8.0.0.0
ibm security_access_manager_for_web 8.0.0.1
ibm security_access_manager_for_web 8.0.0.2
ibm security_access_manager_for_web 8.0.0.3
ibm security_access_manager_for_web 8.0.0.4
ibm security_access_manager_for_web 8.0.0.5
ibm security_access_manager_for_web 8.0.0.22
ibm security_access_manager_for_web 8.0.0.31
ibm security_access_manager_for_web 8.0.1.0
ibm security_access_manager_for_web 8.0.1.1
ibm security_access_manager_for_web 8.0.1.2
ibm security_access_manager_for_web 8.0.1.3
ibm security_access_manager_for_web 8.0.1.4
ibm security_access_manager_for_web 8.0.1.5
ibm security_access_manager_for_web 8.0.1.6
ibm security_access_manager_for_mobile 8.0
ibm security_access_manager_for_mobile 8.0.0.0
ibm security_access_manager_for_mobile 8.0.0.1
ibm security_access_manager_for_mobile 8.0.0.2
ibm security_access_manager_for_mobile 8.0.0.3
ibm security_access_manager_for_mobile 8.0.0.4
ibm security_access_manager_for_mobile 8.0.0.5
ibm security_access_manager_for_mobile 8.0.0.22
ibm security_access_manager_for_mobile 8.0.0.31
ibm security_access_manager_for_mobile 8.0.1.0
ibm security_access_manager_for_mobile 8.0.1.1
ibm security_access_manager_for_mobile 8.0.1.2
ibm security_access_manager_for_mobile 8.0.1.3
ibm security_access_manager_for_mobile 8.0.1.4
ibm security_access_manager_for_mobile 8.0.1.5
ibm security_access_manager_for_mobile 8.0.1.6
ibm security_access_manager 9.0.0.0
ibm security_access_manager 9.0.0.1
ibm security_access_manager 9.0.1.0
ibm security_access_manager 9.0.2.0
ibm security_access_manager 9.0.2.1
ibm security_access_manager 9.0.3.0
ibm security_access_manager 9.0.3.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CAE25B3-55F6-4D93-9110-26323F5D6CF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB8C962-AAEA-4005-BC6B-7768310295E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "86E64D67-84B1-4B22-B68C-AAFA68149206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3B0FD7F-8007-41F8-A0B3-0C11B9F6D2BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7255EFB-AE47-45E9-853E-5242D350A04E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "26F1E4CC-0FE8-4D18-9507-74131B8F21E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "624215F6-12DE-42B5-98AE-29F30C759690",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B57D6417-ECB7-4A02-8C01-6E85087AD073",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "92FF03BE-E1FC-491A-BBA5-0C67B9EC0F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B9EFD7C-D827-4079-BBA5-38601F1DA571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C54E2A37-F451-4109-A367-A35D38D8E44C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "24BBDD80-3EBA-4F5E-89BC-4107431B813F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2826D12C-893B-4045-98C0-60FDBB5EC252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "1678A4B5-E2BB-41A2-9238-D0D34B189D1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4412073-8390-46B3-94A6-20D7B8075838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E0AE0FD-6595-4132-8715-D2B859B04EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "4256CF5F-8B99-4C5D-B67B-840DE56412EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA0D2F3-31B5-4AF8-B6E0-6795A240F094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "37632E93-91AA-47A6-9EF7-EB5A6FC4B843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "937C104A-74B7-4FC4-B436-42C14C4E4339",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4449E78-A1A2-423C-A9A4-5AB8ED7B1D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "32B351D1-5DB8-4C6D-8CA8-C22E6DE66D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8671CD-4FEA-4408-B594-ED8B7BD8543F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEB5C09B-0681-42A1-AF82-15E91CD94787",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "1083BB5E-C153-46D1-8FEE-63AEB52B5546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "59231981-02BF-4998-A86F-BFF6B4B79CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "E912624A-33B5-4AF5-96DB-292C14B0A37D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB434802-50F4-4FCB-B674-C92FC5046140",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0553613-6429-4202-B9F1-CB2F58412D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC68FC7C-F67D-44C7-AAA7-ECD2DB27C286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F7D529E-724A-4AC6-91AA-9C771C980471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "12664D6B-1DF6-455E-99CB-08AF7A3C926E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FDBFAE1-351E-4E9F-877E-E9BBB50FCFF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE91D383-8FCF-4352-9DE4-306F99171785",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "318A64DE-04E9-4A55-85D7-1079EECD7175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8961882B-0715-4B61-8343-9225BDDBC9E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "699C6485-0FA4-47EE-9081-0332D0B1F8AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6165F468-26EE-4AA7-B806-007F78AFD754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "25C01EE0-7BE2-420C-B538-A15589D9A019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DFB52D6-9F29-49C1-83CC-CE662253488B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4B247D8-4BEC-41BC-822E-5C31A8AECCAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A32A31D-266C-47D9-B11D-3C2DAEF6A025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D32BB3A-3404-4B3B-AEBF-BF40B0CDC426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2958706F-D4E1-41C0-A341-2E045A110E68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E149CF2-75F4-43E8-9B1C-657D95403AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE300627-1032-405E-96CC-B8CDF03C2326",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "745799EB-8664-40D6-907B-9B8F640860E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "097C64C6-9C0E-463A-8EEB-2906D9131887",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEF8D79D-0859-4943-A3A9-0C2F4183A9B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F491FA5-27ED-454B-850E-76DF60960D69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "24610D16-7235-4EE2-AF20-AAAFCDF749D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4406DA-9DC1-4F76-9D2B-BE5BD8FB31F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC7E8F5B-743B-4778-B096-1A2F950A31BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "3930684E-FA31-42CB-8750-097ABEBE643B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B733C54-4DDA-4491-A6A0-F07D7D879900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F34676D-8537-4C7A-9C25-EF6973C0AD81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A8CB2D8-D1EC-429B-8C8B-48AF082C5FD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3B0FF96-BF36-40A7-99B5-9904785D4A7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08CB452-3475-4143-AD28-550E130A33B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D86E921-FF6A-4045-B853-0D6F86BF2475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "B582DA4C-9457-4EDD-A47B-66DB213198AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "575D7BEE-0DB2-435D-844E-387590EF087A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D9BAD4E-9F38-4AB7-A566-834A97CD1A86",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BACDCBD6-EEF3-4259-9866-A89105AA4C19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "536755AC-3FA7-4FA4-8CA3-0E1D4CB0FB43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68DB06C6-84B3-4DC6-AEE9-9DA49715A3BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B894B409-DC42-4FA4-8864-387635B55F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B52B9A91-EDAF-43CC-A271-02ADCD691875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F740591-A399-49AC-911B-9ADD117B5BEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4EB9A2D-0ABF-46C3-A742-959CC39070DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B832D0A-923B-4F4B-9F81-BA1BA2E7A920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4EA2E35-08D1-4A2F-8941-0C87DF1BFC2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A953FA93-A982-4104-8D6A-685E53613691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE0028F4-5A36-4597-9830-46CFE5CF2EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE607CA8-FB8A-4373-A345-822D5ABEA408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CB32198-9382-43CC-9079-08D2162B4C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4336D4DD-5DE4-441E-B852-A2E1409953CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDCBBC83-DCE2-4522-9808-8EFA63485388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "66159D17-FAB8-408A-90FA-62E9F840B568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D79656C-0F25-4647-BE54-AAF0336C7BB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "940F82D3-5809-42DC-92B5-F699C34F6996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6994DE96-2967-4C7C-A896-B68E064C41C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "55734E7A-D2CA-490F-8BAC-F47CE1A2F3FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9047D70-83D3-4D45-8A16-4299A0D06D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "65F66744-ABFA-4EB1-ACFB-FF88E0F20BBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C28A38-46FA-4878-9F03-D9ACB510ED88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D2EC653-CE7B-45A2-AB9F-F760646A4682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF01E4-FBF5-4AF5-A6E8-BECF6052F72F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F0E063D-2C5E-4619-9176-9D28716BEDC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC30B443-ACDB-4D10-88F2-07DAF8684C04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "E843FD37-844C-4359-9465-30C95B5F0831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE19EBF-68CA-4075-9A6D-B3DB7FF5DB6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D424803C-85C3-4860-B842-93B98554070D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC489116-D486-4388-8E93-E6E98EA81868",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "53A3B2B3-52B4-4086-9092-364649265F5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24ACD0C-D825-4B2B-9483-66F0B815CB24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CD382BC-2AA1-448E-BC8E-CAB2408995BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "23A074B8-A709-44F1-9CB9-7BF2590989C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F73936C-442D-4857-99B3-605E55D82833",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "54243412-CB97-4752-A31A-3CB6A757E495",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD9CF344-C187-4D60-8C90-2FB459883D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "97AF8910-3F9A-407F-9834-B57D5807693D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFB1BA86-C809-414E-8F58-2B6101518FB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC1634D4-28AB-4F12-B5FB-D32742F5836B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EA35BD4-8738-47D3-A8F0-F9ABE4AEB985",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "344FE134-DE7B-4925-875E-097DD0AB9AC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "674FFA61-8F2A-43FB-BF51-68700698703C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "332D3784-C24E-45A7-880B-0C4A32687B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF0738FC-EAC8-45C4-ADA9-06DBE3D9EADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "837D32E7-CFB7-462B-8479-E9811C149775",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7BE362F-72B3-481A-ABF4-4A36F4535F55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "C73DE810-1D11-4480-AF62-DC37F22DCC71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D161F8-D61A-40DF-AA14-5256DD394082",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "154B6E05-54C8-4271-A904-21CA6A2E6F6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "6389F03A-3547-44B1-9603-947735FC31B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2735E77-B9ED-4608-AFA5-969E039C82F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C58102A-8817-4656-AB85-07D60CB2D10F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "461046D0-29C2-4152-B4D2-C60E9A04EE07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "99EB7777-7CA5-41CB-98BC-AFC254E02C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CFFABA7-86BD-4201-89F9-0F61E673DB90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "F472F171-9FF2-4C44-AF5B-9CBA19E62A73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "5675CDEE-09CB-49D9-8C71-0CD71238129F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "69978C3B-708B-4CDC-8FA0-65A98F2223E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "74CAA03E-DE79-4527-918D-EA219DC2DA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_appliance:7.0.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB312B8-7B65-4CE9-B399-2896450B5647",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A4AD958-FDB2-4F63-AD4F-C88B33BFA692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "397073E9-9696-4B4C-926D-668EA4A52E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "643E7B97-17AB-4209-804E-79E94F3D671F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F807870-4976-43E1-89BE-F08DEEE109CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2B3E49D-08E6-44CF-B034-D155247B5DB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9F50A5E-111B-4CF6-A531-FE88E7735140",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D54372BE-6201-48AB-A720-F29E931E52B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCCE958E-6DFA-403E-B251-F5BA7825A546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DA2F71C-E15F-4729-A0D9-C8C116819546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "39017599-E63F-4101-8D37-62D9B0CE6917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB037932-234B-41AD-8119-D964796ADDFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA1DA71-91C8-4989-98B9-E924ED7B272A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F884817-A712-4A89-B199-2E2483CD8363",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "52F627D1-6FB4-47A2-817D-F9EC914DAC51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C428319-FFE3-4365-ABFE-1E6D1CABC0C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79613B00-9B72-43BB-A42A-3BB191021ED7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF1B0C02-D5D9-4F10-9120-C76D39D5C323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44310E32-EA05-420B-8676-4E6EEAFB6631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B93CED0-E8FA-4238-8963-46074D11A334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "907BB0CF-D270-4493-8D61-9841E6C5FE45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0801BD2-D95B-4703-9804-A555F9E7BA19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "525EF7EC-712E-4C84-A15C-B2A30BD11A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EE90667-0C16-4E4B-98DC-A6AD7A073D64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "049DD26B-9CF5-4E0C-812E-76A1224A15FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "909073A4-C6D5-47D7-911F-C855DB693EF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A523C406-D64C-4CE6-8CBE-34D4C060E0C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "707F0FE4-EC91-44FF-AA21-1E2A99AC5C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0D646B2-7308-43A0-AE76-873946FB024E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B1988E5-DFE6-4282-B9D3-6655297B481B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BEF4063-73D7-416D-AD21-CDC1C0534677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8DFC0D0-2326-40CA-B4CC-65194566DA98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A180463-EDE0-47DB-A031-979E73AA2A33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF57E01-A333-49D7-8B25-D65B66410DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B67748-2677-44E7-B43D-857EBCA926C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AEE420D-4686-4C58-B77A-2E509983F4C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C9CD3B-A25E-4DD1-9955-39E6E1EB4DC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA399A01-351E-4587-9B0B-804452F09832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC682158-A8A0-4D2D-9ACD-ADF4093B7ECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager:9.0.3.0:if1:*:*:*:*:*:*",
              "matchCriteriaId": "A483F61A-0DAC-43DB-B69B-37A6207C1CF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687."
    },
    {
      "lang": "es",
      "value": "Las configuraciones e-community de IBM Security Access Manager 6.1, 7.0, 8.0, y 9.0 podr\u00edan estar afectadas por una vulnerabilidad de redirecci\u00f3n. ECSSO Master Authentication puede redireccionar a un servidor que no participa en un dominio e-community. IBM X-Force ID: 128687."
    }
  ],
  "id": "CVE-2017-1489",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-29T01:35:13.517",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100592"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039227"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100592"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-4809

Vulnerability from fkie_nvd - Published: 2014-10-03 01:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors.
References
psirt@us.ibm.comhttp://secunia.com/advisories/61294
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV64915
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21685246Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/95376
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61294
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21685246Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/95376
Impacted products
Vendor Product Version
ibm security_access_manager_for_web_8.0_firmware 8.0.0.2
ibm security_access_manager_for_web_8.0_firmware 8.0.0.3
ibm security_access_manager_for_web_8.0_firmware 8.0.0.4
ibm security_access_manager_for_web_appliance 8.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.1
ibm security_access_manager_for_web_7.0_firmware 7.0.0.2
ibm security_access_manager_for_web_7.0_firmware 7.0.0.3
ibm security_access_manager_for_web_7.0_firmware 7.0.0.4
ibm security_access_manager_for_web_7.0_firmware 7.0.0.5
ibm security_access_manager_for_web_7.0_firmware 7.0.0.6
ibm security_access_manager_for_web_7.0_firmware 7.0.0.7
ibm security_access_manager_for_web_7.0_firmware 7.0.0.8
ibm security_access_manager_for_web_appliance 7.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97E19969-DD73-42F2-9E91-504E1663B268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9CC2E05-5179-4241-A710-E582510EEB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EE7B275-7B8D-45F9-86A5-8F4A4484F2B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C5EBB4D-36F8-453C-9D2C-A63490144596",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "842C3B2E-4807-4150-AD45-620ACC88423F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "22433CE0-9772-48CE-8069-612FF3732C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2569AA28-5C61-4BBD-A501-E1ACFA36837B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79AFD6BE-4ED1-4A9C-AF30-F083A7A4F418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AB188A2-D7CE-4141-A55A-C074C84E366E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE776097-1DA4-4F27-8E96-61E3D9FFE8D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4E5283-0FEE-4F37-9C41-FA695063FF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "39D9B9CF-5F3D-4CA3-87A0-AAE1BA5F09C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "73EB6121-62CD-49FC-A1D2-5467B007253C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7844D23-8DAB-4A9A-B0D4-734DF8FBFE02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "El componente WebSEAL en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, cuando e-community SSO est\u00e1 habilitado, permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue del componente) a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-4809",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-03T01:55:07.237",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/61294"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95376"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-4823

Vulnerability from fkie_nvd - Published: 2014-10-03 01:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors.
References
psirt@us.ibm.comhttp://secunia.com/advisories/61278
psirt@us.ibm.comhttp://secunia.com/advisories/61294
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV64910
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV64919
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21684466Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/95573
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61278
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61294
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21684466Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/95573
Impacted products
Vendor Product Version
ibm security_access_manager_for_web_7.0_firmware 7.0.0.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.1
ibm security_access_manager_for_web_7.0_firmware 7.0.0.2
ibm security_access_manager_for_web_7.0_firmware 7.0.0.3
ibm security_access_manager_for_web_7.0_firmware 7.0.0.4
ibm security_access_manager_for_web_7.0_firmware 7.0.0.5
ibm security_access_manager_for_web_7.0_firmware 7.0.0.6
ibm security_access_manager_for_web_7.0_firmware 7.0.0.7
ibm security_access_manager_for_web_7.0_firmware 7.0.0.8
ibm security_access_manager_for_web_appliance 7.0
ibm security_access_manager_for_web_8.0_firmware 8.0.0.2
ibm security_access_manager_for_web_8.0_firmware 8.0.0.3
ibm security_access_manager_for_web_8.0_firmware 8.0.0.4
ibm security_access_manager_for_web_appliance 8.0
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.0
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.1
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.3
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.4
ibm security_access_manager_for_mobile_appliance 8.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "842C3B2E-4807-4150-AD45-620ACC88423F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "22433CE0-9772-48CE-8069-612FF3732C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2569AA28-5C61-4BBD-A501-E1ACFA36837B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79AFD6BE-4ED1-4A9C-AF30-F083A7A4F418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AB188A2-D7CE-4141-A55A-C074C84E366E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE776097-1DA4-4F27-8E96-61E3D9FFE8D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4E5283-0FEE-4F37-9C41-FA695063FF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "39D9B9CF-5F3D-4CA3-87A0-AAE1BA5F09C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "73EB6121-62CD-49FC-A1D2-5467B007253C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7844D23-8DAB-4A9A-B0D4-734DF8FBFE02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97E19969-DD73-42F2-9E91-504E1663B268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9CC2E05-5179-4241-A710-E582510EEB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EE7B275-7B8D-45F9-86A5-8F4A4484F2B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C5EBB4D-36F8-453C-9D2C-A63490144596",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DBCDA9-E7D5-4DD4-933F-93EE8B954671",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA4B8E11-83D3-4B38-90B6-4C0F536D06B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7C3FED-3B2F-4EC9-9A9B-05EFDB0AA56B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "322E1B80-97BF-407E-AEFC-DD866F81B1CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "506C4B29-BC71-4C56-BAB1-06E63BEB1DD3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "La consola de administraci\u00f3n en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, y Security Access Manager for Mobile 8.x anterior a 8.0.0-ISS-ISAM-FP0005, permite a atacantes remotos inyectar comandos de sistema a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-4823",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-03T01:55:07.313",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/61278"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/61294"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684466"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95573"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684466"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95573"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-6079

Vulnerability from fkie_nvd - Published: 2014-10-03 01:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
psirt@us.ibm.comhttp://secunia.com/advisories/61278
psirt@us.ibm.comhttp://secunia.com/advisories/61294
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV64910
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV64919
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21684466Patch, Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21685244
psirt@us.ibm.comhttp://www.securityfocus.com/bid/70197
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/95763
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61278
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61294
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21684466Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21685244
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/70197
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/95763
Impacted products
Vendor Product Version
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.0
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.1
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.3
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.4
ibm security_access_manager_for_mobile_appliance 8.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.1
ibm security_access_manager_for_web_7.0_firmware 7.0.0.2
ibm security_access_manager_for_web_7.0_firmware 7.0.0.3
ibm security_access_manager_for_web_7.0_firmware 7.0.0.4
ibm security_access_manager_for_web_7.0_firmware 7.0.0.5
ibm security_access_manager_for_web_7.0_firmware 7.0.0.6
ibm security_access_manager_for_web_7.0_firmware 7.0.0.7
ibm security_access_manager_for_web_7.0_firmware 7.0.0.8
ibm security_access_manager_for_web_appliance 7.0
ibm security_access_manager_for_web_8.0_firmware 8.0.0.2
ibm security_access_manager_for_web_8.0_firmware 8.0.0.3
ibm security_access_manager_for_web_8.0_firmware 8.0.0.4
ibm security_access_manager_for_web_appliance 8.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DBCDA9-E7D5-4DD4-933F-93EE8B954671",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA4B8E11-83D3-4B38-90B6-4C0F536D06B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7C3FED-3B2F-4EC9-9A9B-05EFDB0AA56B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "322E1B80-97BF-407E-AEFC-DD866F81B1CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "506C4B29-BC71-4C56-BAB1-06E63BEB1DD3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "842C3B2E-4807-4150-AD45-620ACC88423F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "22433CE0-9772-48CE-8069-612FF3732C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2569AA28-5C61-4BBD-A501-E1ACFA36837B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79AFD6BE-4ED1-4A9C-AF30-F083A7A4F418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AB188A2-D7CE-4141-A55A-C074C84E366E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE776097-1DA4-4F27-8E96-61E3D9FFE8D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4E5283-0FEE-4F37-9C41-FA695063FF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "39D9B9CF-5F3D-4CA3-87A0-AAE1BA5F09C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "73EB6121-62CD-49FC-A1D2-5467B007253C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7844D23-8DAB-4A9A-B0D4-734DF8FBFE02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97E19969-DD73-42F2-9E91-504E1663B268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9CC2E05-5179-4241-A710-E582510EEB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EE7B275-7B8D-45F9-86A5-8F4A4484F2B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C5EBB4D-36F8-453C-9D2C-A63490144596",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la interfaz de la gesti\u00f3n local en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, y Security Access Manager for Mobile 8.x anterior a 8.0.0-ISS-ISAM-FP0005, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
    }
  ],
  "id": "CVE-2014-6079",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-10-03T01:55:07.407",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/61278"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/61294"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684466"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685244"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/70197"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95763"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684466"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685244"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/70197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95763"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-3053

Vulnerability from fkie_nvd - Published: 2014-06-21 15:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.
References
psirt@us.ibm.comhttp://secunia.com/advisories/59381
psirt@us.ibm.comhttp://secunia.com/advisories/59438
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV61557
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21676389
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21676700Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/68132
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/93501
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59381
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59438
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21676389
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21676700Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/68132
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/93501
Impacted products
Vendor Product Version
ibm security_access_manager_for_web_8.0_firmware 8.0.0.2
ibm security_access_manager_for_web_8.0_firmware 8.0.0.3
ibm security_access_manager_for_web_appliance 8.0
ibm security_access_manager_for_mobile_software 8.0
ibm security_access_manager_for_web_software 7.0
ibm security_access_manager_for_web_software 8.0
ibm security_access_manager_for_mobile_appliance 8.0
ibm security_access_manager_for_web_appliance 7.0
ibm security_access_manager_for_web_appliance 8.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97E19969-DD73-42F2-9E91-504E1663B268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9CC2E05-5179-4241-A710-E582510EEB0D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C5EBB4D-36F8-453C-9D2C-A63490144596",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile_software:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "673DB620-B3D4-431D-A8F8-0EA4F53EC3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BACDCBD6-EEF3-4259-9866-A89105AA4C19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CBEC75-1164-4E25-8D32-DBA39C6E8A25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "506C4B29-BC71-4C56-BAB1-06E63BEB1DD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7844D23-8DAB-4A9A-B0D4-734DF8FBFE02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C5EBB4D-36F8-453C-9D2C-A63490144596",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials."
    },
    {
      "lang": "es",
      "value": "Local Management Interface (LMI) en IBM Security Access Manager (ISAM) for Mobile 8.0 con firmware 8.0.0.0 hasta 8.0.0.3 y IBM Security Access Manager for Web 7.0 y 8.0 con firmware 8.0.0.2 y 8.0.0.3, permite a atacantes remotos evadir autenticaci\u00f3n a trav\u00e9s de una acci\u00f3n de inicio de sesi\u00f3n con credenciales inv\u00e1lidas."
    }
  ],
  "id": "CVE-2014-3053",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:C/I:P/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 9.5,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-06-21T15:55:03.870",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/59381"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/59438"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676389"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676700"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/68132"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93501"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59381"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/68132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93501"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-3052

Vulnerability from fkie_nvd - Published: 2014-06-21 15:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV61553
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21676705
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/93454
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21676705
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/93454
Impacted products
Vendor Product Version
ibm security_access_manager_for_web_8.0_firmware 8.0.0.2
ibm security_access_manager_for_web_8.0_firmware 8.0.0.3
ibm security_access_manager_for_web_appliance 8.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97E19969-DD73-42F2-9E91-504E1663B268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9CC2E05-5179-4241-A710-E582510EEB0D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C5EBB4D-36F8-453C-9D2C-A63490144596",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance."
    },
    {
      "lang": "es",
      "value": "La funcionalidad de proxy inverso en IBM Security Access Manager (ISAM) for Web 8.0 con firmware 8.0.0.2 y 8.0.0.3 interpreta el par\u00e1metro jct-nist-compliance de la forma opuesta de la intencionada, lo que facilita a atacantes remotos obtener informaci\u00f3n sensible mediante el aprovechamiento de configuraciones de codificaci\u00f3n SSL d\u00e9biles que carecen del cumplimiento NIST SP 800-131A."
    }
  ],
  "id": "CVE-2014-3052",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-06-21T15:55:03.807",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676705"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93454"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-3073

Vulnerability from fkie_nvd - Published: 2014-06-21 15:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors.
References
psirt@us.ibm.comhttp://secunia.com/advisories/59438
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV61563
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21676699Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/68137
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/93790
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59438
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV61563
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21676699Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/68137
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/93790
Impacted products
Vendor Product Version
ibm security_access_manager_for_mobile_software 8.0
ibm security_access_manager_for_web_software 7.0
ibm security_access_manager_for_web_software 8.0
ibm security_access_manager_for_mobile_appliance 8.0
ibm security_access_manager_for_web_appliance 7.0
ibm security_access_manager_for_web_appliance 8.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile_software:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "673DB620-B3D4-431D-A8F8-0EA4F53EC3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BACDCBD6-EEF3-4259-9866-A89105AA4C19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CBEC75-1164-4E25-8D32-DBA39C6E8A25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "506C4B29-BC71-4C56-BAB1-06E63BEB1DD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7844D23-8DAB-4A9A-B0D4-734DF8FBFE02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C5EBB4D-36F8-453C-9D2C-A63490144596",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en IBM Security Access Manager (ISAM) for Mobile 8.0 y IBM Security Access Manager for Web 7.0 y 8.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2014-3073",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-06-21T15:55:03.930",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/59438"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61563"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676699"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/68137"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61563"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/68137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93790"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-0963

Vulnerability from fkie_nvd - Published: 2014-05-08 10:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages.
References
psirt@us.ibm.comhttp://secunia.com/advisories/58845
psirt@us.ibm.comhttp://secunia.com/advisories/59245
psirt@us.ibm.comhttp://secunia.com/advisories/59249
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV59660
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21672192Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21676091Patch, Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21676092Patch, Vendor Advisory
psirt@us.ibm.comhttp://www-304.ibm.com/support/docview.wss?uid=swg21680803
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg21675496
psirt@us.ibm.comhttp://www.securityfocus.com/bid/67238
psirt@us.ibm.comhttp://www.securitytracker.com/id/1030707
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/92844
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/58845
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59245
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59249
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV59660
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21672192Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21676091Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21676092Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-304.ibm.com/support/docview.wss?uid=swg21680803
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg21675496
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/67238
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030707
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/92844
Impacted products
Vendor Product Version
ibm security_access_manager_for_web_software 7.0
ibm security_access_manager_for_web_software 8.0
ibm security_access_manager_for_web_appliance 7.0
ibm security_access_manager_for_web_appliance 8.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BACDCBD6-EEF3-4259-9866-A89105AA4C19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_web_software:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CBEC75-1164-4E25-8D32-DBA39C6E8A25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7844D23-8DAB-4A9A-B0D4-734DF8FBFE02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C5EBB4D-36F8-453C-9D2C-A63490144596",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages."
    },
    {
      "lang": "es",
      "value": "La funcionalidad Reverse Proxy en IBM Global Security Kit (tambi\u00e9n conocido como GSKit) en IBM Security Access Manager (ISAM) para Web 7.0 anterior a 7.0.0-ISS-SAM-IF0006 y 8.0 anterior a 8.0.0.3-ISS-WGA-IF0002 permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de mensajes SSL manipulados."
    }
  ],
  "evaluatorImpact": "Per: http://www-01.ibm.com/support/docview.wss?uid=swg21672192\n\n\"Affected Products and Versions\n\nAll versions of IBM Security Access Manager for Web, both software and appliance: 7.0, 8.0\"",
  "id": "CVE-2014-0963",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-08T10:55:03.560",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/58845"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/59245"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/59249"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV59660"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672192"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21680803"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21675496"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/67238"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1030707"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92844"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/58845"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59249"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV59660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672192"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21680803"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21675496"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/67238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030707"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92844"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2017-1489 (GCVE-0-2017-1489)

Vulnerability from cvelistv5 – Published: 2017-08-28 20:00 – Updated: 2024-09-16 23:31
VLAI?
Summary
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.
Severity ?
No CVSS data available.
CWE
  • Gain Access
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM Security Access Manager for Web Affected: 6.1
Affected: 6.1.1
Affected: 7.0
Affected: 8.0
Affected: 8.0.0.2
Affected: 8.0.0.3
Affected: 8.0.0.4
Affected: 8.0.0.5
Affected: 8.0.0.1
Affected: 8.0.1
Affected: 8.0.1.2
Affected: 8.0.1.3
Affected: 9.0
Affected: 9.0.0.1
Affected: 9.0.1
Affected: 8.0.1.4
Affected: 8.0.1.5
Affected: 9.0.2
Affected: 9.0.2.1
Affected: 9.0.3
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.832Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
          },
          {
            "name": "100592",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100592"
          },
          {
            "name": "1039227",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039227"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Security Access Manager for Web",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "status": "affected",
              "version": "6.1.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "8.0"
            },
            {
              "status": "affected",
              "version": "8.0.0.2"
            },
            {
              "status": "affected",
              "version": "8.0.0.3"
            },
            {
              "status": "affected",
              "version": "8.0.0.4"
            },
            {
              "status": "affected",
              "version": "8.0.0.5"
            },
            {
              "status": "affected",
              "version": "8.0.0.1"
            },
            {
              "status": "affected",
              "version": "8.0.1"
            },
            {
              "status": "affected",
              "version": "8.0.1.2"
            },
            {
              "status": "affected",
              "version": "8.0.1.3"
            },
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "9.0.0.1"
            },
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "8.0.1.4"
            },
            {
              "status": "affected",
              "version": "8.0.1.5"
            },
            {
              "status": "affected",
              "version": "9.0.2"
            },
            {
              "status": "affected",
              "version": "9.0.2.1"
            },
            {
              "status": "affected",
              "version": "9.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-08-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-05T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
        },
        {
          "name": "100592",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100592"
        },
        {
          "name": "1039227",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039227"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-08-23T00:00:00",
          "ID": "CVE-2017-1489",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Security Access Manager for Web",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.1"
                          },
                          {
                            "version_value": "6.1.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "8.0"
                          },
                          {
                            "version_value": "8.0.0.2"
                          },
                          {
                            "version_value": "8.0.0.3"
                          },
                          {
                            "version_value": "8.0.0.4"
                          },
                          {
                            "version_value": "8.0.0.5"
                          },
                          {
                            "version_value": "8.0.0.1"
                          },
                          {
                            "version_value": "8.0.1"
                          },
                          {
                            "version_value": "8.0.1.2"
                          },
                          {
                            "version_value": "8.0.1.3"
                          },
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "9.0.0.1"
                          },
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "8.0.1.4"
                          },
                          {
                            "version_value": "8.0.1.5"
                          },
                          {
                            "version_value": "9.0.2"
                          },
                          {
                            "version_value": "9.0.2.1"
                          },
                          {
                            "version_value": "9.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
            },
            {
              "name": "100592",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100592"
            },
            {
              "name": "1039227",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039227"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22006959",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1489",
    "datePublished": "2017-08-28T20:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T23:31:41.216Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-6079 (GCVE-0-2014-6079)

Vulnerability from cvelistv5 – Published: 2014-10-03 01:00 – Updated: 2024-08-06 12:03
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
http://www.securityfocus.com/bid/70197 vdb-entryx_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://secunia.com/advisories/61294 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61278 third-party-advisoryx_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:03:02.325Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684466"
          },
          {
            "name": "70197",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70197"
          },
          {
            "name": "IV64919",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919"
          },
          {
            "name": "ibm-sam-cve20146079-xss(95763)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95763"
          },
          {
            "name": "61294",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61294"
          },
          {
            "name": "61278",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61278"
          },
          {
            "name": "IV64910",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685244"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684466"
        },
        {
          "name": "70197",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70197"
        },
        {
          "name": "IV64919",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919"
        },
        {
          "name": "ibm-sam-cve20146079-xss(95763)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95763"
        },
        {
          "name": "61294",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61294"
        },
        {
          "name": "61278",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61278"
        },
        {
          "name": "IV64910",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685244"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-6079",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684466",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684466"
            },
            {
              "name": "70197",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70197"
            },
            {
              "name": "IV64919",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919"
            },
            {
              "name": "ibm-sam-cve20146079-xss(95763)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95763"
            },
            {
              "name": "61294",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61294"
            },
            {
              "name": "61278",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61278"
            },
            {
              "name": "IV64910",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685244",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685244"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-6079",
    "datePublished": "2014-10-03T01:00:00",
    "dateReserved": "2014-09-02T00:00:00",
    "dateUpdated": "2024-08-06T12:03:02.325Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-4823 (GCVE-0-2014-4823)

Vulnerability from cvelistv5 – Published: 2014-10-03 01:00 – Updated: 2024-08-06 11:27
VLAI?
Summary
The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
http://secunia.com/advisories/61294 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61278 third-party-advisoryx_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:27:36.880Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684466"
          },
          {
            "name": "ibm-sam-cve20144823-command-injection(95573)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95573"
          },
          {
            "name": "IV64919",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919"
          },
          {
            "name": "61294",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61294"
          },
          {
            "name": "61278",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61278"
          },
          {
            "name": "IV64910",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684466"
        },
        {
          "name": "ibm-sam-cve20144823-command-injection(95573)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95573"
        },
        {
          "name": "IV64919",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919"
        },
        {
          "name": "61294",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61294"
        },
        {
          "name": "61278",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61278"
        },
        {
          "name": "IV64910",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-4823",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684466",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684466"
            },
            {
              "name": "ibm-sam-cve20144823-command-injection(95573)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95573"
            },
            {
              "name": "IV64919",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919"
            },
            {
              "name": "61294",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61294"
            },
            {
              "name": "61278",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61278"
            },
            {
              "name": "IV64910",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-4823",
    "datePublished": "2014-10-03T01:00:00",
    "dateReserved": "2014-07-09T00:00:00",
    "dateUpdated": "2024-08-06T11:27:36.880Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-4809 (GCVE-0-2014-4809)

Vulnerability from cvelistv5 – Published: 2014-10-03 01:00 – Updated: 2024-08-06 11:27
VLAI?
Summary
The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:27:36.828Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246"
          },
          {
            "name": "61294",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61294"
          },
          {
            "name": "ibm-sam-cve20144809-dos(95376)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95376"
          },
          {
            "name": "IV64915",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246"
        },
        {
          "name": "61294",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61294"
        },
        {
          "name": "ibm-sam-cve20144809-dos(95376)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95376"
        },
        {
          "name": "IV64915",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-4809",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246"
            },
            {
              "name": "61294",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61294"
            },
            {
              "name": "ibm-sam-cve20144809-dos(95376)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95376"
            },
            {
              "name": "IV64915",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-4809",
    "datePublished": "2014-10-03T01:00:00",
    "dateReserved": "2014-07-09T00:00:00",
    "dateUpdated": "2024-08-06T11:27:36.828Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3052 (GCVE-0-2014-3052)

Vulnerability from cvelistv5 – Published: 2014-06-21 15:00 – Updated: 2024-08-06 10:28
VLAI?
Summary
The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:28:46.397Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676705"
          },
          {
            "name": "IV61553",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553"
          },
          {
            "name": "ibm-isam-cve20143052-encryption(93454)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93454"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676705"
        },
        {
          "name": "IV61553",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553"
        },
        {
          "name": "ibm-isam-cve20143052-encryption(93454)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93454"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-3052",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676705",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676705"
            },
            {
              "name": "IV61553",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553"
            },
            {
              "name": "ibm-isam-cve20143052-encryption(93454)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93454"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-3052",
    "datePublished": "2014-06-21T15:00:00",
    "dateReserved": "2014-04-29T00:00:00",
    "dateUpdated": "2024-08-06T10:28:46.397Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3073 (GCVE-0-2014-3073)

Vulnerability from cvelistv5 – Published: 2014-06-21 15:00 – Updated: 2024-08-06 10:35
VLAI?
Summary
Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:35:55.869Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "68137",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/68137"
          },
          {
            "name": "ibm-isam-cve20143073-code-exec(93790)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93790"
          },
          {
            "name": "59438",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59438"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676699"
          },
          {
            "name": "IV61563",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61563"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "68137",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/68137"
        },
        {
          "name": "ibm-isam-cve20143073-code-exec(93790)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93790"
        },
        {
          "name": "59438",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59438"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676699"
        },
        {
          "name": "IV61563",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61563"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-3073",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "68137",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/68137"
            },
            {
              "name": "ibm-isam-cve20143073-code-exec(93790)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93790"
            },
            {
              "name": "59438",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59438"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676699",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676699"
            },
            {
              "name": "IV61563",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61563"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-3073",
    "datePublished": "2014-06-21T15:00:00",
    "dateReserved": "2014-04-29T00:00:00",
    "dateUpdated": "2024-08-06T10:35:55.869Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3053 (GCVE-0-2014-3053)

Vulnerability from cvelistv5 – Published: 2014-06-21 15:00 – Updated: 2024-08-06 10:28
VLAI?
Summary
The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://secunia.com/advisories/59381 third-party-advisoryx_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
http://secunia.com/advisories/59438 third-party-advisoryx_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
http://www.securityfocus.com/bid/68132 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:28:46.457Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-isam-cve20143053-credentials(93501)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93501"
          },
          {
            "name": "59381",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59381"
          },
          {
            "name": "IV61557",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557"
          },
          {
            "name": "59438",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59438"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676700"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676389"
          },
          {
            "name": "68132",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/68132"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-isam-cve20143053-credentials(93501)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93501"
        },
        {
          "name": "59381",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59381"
        },
        {
          "name": "IV61557",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557"
        },
        {
          "name": "59438",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59438"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676700"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676389"
        },
        {
          "name": "68132",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/68132"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-3053",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-isam-cve20143053-credentials(93501)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93501"
            },
            {
              "name": "59381",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59381"
            },
            {
              "name": "IV61557",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557"
            },
            {
              "name": "59438",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59438"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676700",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676700"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676389",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676389"
            },
            {
              "name": "68132",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/68132"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-3053",
    "datePublished": "2014-06-21T15:00:00",
    "dateReserved": "2014-04-29T00:00:00",
    "dateUpdated": "2024-08-06T10:28:46.457Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0963 (GCVE-0-2014-0963)

Vulnerability from cvelistv5 – Published: 2014-05-08 10:00 – Updated: 2024-08-06 09:34
VLAI?
Summary
The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:34:39.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "59249",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59249"
          },
          {
            "name": "ibm-gskit-cve20140963-dos(92844)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92844"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
          },
          {
            "name": "58845",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58845"
          },
          {
            "name": "IV59660",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV59660"
          },
          {
            "name": "59245",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59245"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672192"
          },
          {
            "name": "1030707",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030707"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21675496"
          },
          {
            "name": "67238",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67238"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21680803"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "59249",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59249"
        },
        {
          "name": "ibm-gskit-cve20140963-dos(92844)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92844"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
        },
        {
          "name": "58845",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58845"
        },
        {
          "name": "IV59660",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV59660"
        },
        {
          "name": "59245",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59245"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672192"
        },
        {
          "name": "1030707",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030707"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21675496"
        },
        {
          "name": "67238",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67238"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21680803"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-0963",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "59249",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59249"
            },
            {
              "name": "ibm-gskit-cve20140963-dos(92844)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92844"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
            },
            {
              "name": "58845",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58845"
            },
            {
              "name": "IV59660",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV59660"
            },
            {
              "name": "59245",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59245"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672192",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672192"
            },
            {
              "name": "1030707",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030707"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21675496",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21675496"
            },
            {
              "name": "67238",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67238"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
            },
            {
              "name": "http://www-304.ibm.com/support/docview.wss?uid=swg21680803",
              "refsource": "CONFIRM",
              "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21680803"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-0963",
    "datePublished": "2014-05-08T10:00:00",
    "dateReserved": "2014-01-06T00:00:00",
    "dateUpdated": "2024-08-06T09:34:39.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1489 (GCVE-0-2017-1489)

Vulnerability from nvd – Published: 2017-08-28 20:00 – Updated: 2024-09-16 23:31
VLAI?
Summary
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.
Severity ?
No CVSS data available.
CWE
  • Gain Access
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM Security Access Manager for Web Affected: 6.1
Affected: 6.1.1
Affected: 7.0
Affected: 8.0
Affected: 8.0.0.2
Affected: 8.0.0.3
Affected: 8.0.0.4
Affected: 8.0.0.5
Affected: 8.0.0.1
Affected: 8.0.1
Affected: 8.0.1.2
Affected: 8.0.1.3
Affected: 9.0
Affected: 9.0.0.1
Affected: 9.0.1
Affected: 8.0.1.4
Affected: 8.0.1.5
Affected: 9.0.2
Affected: 9.0.2.1
Affected: 9.0.3
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.832Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
          },
          {
            "name": "100592",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100592"
          },
          {
            "name": "1039227",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039227"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Security Access Manager for Web",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "status": "affected",
              "version": "6.1.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "8.0"
            },
            {
              "status": "affected",
              "version": "8.0.0.2"
            },
            {
              "status": "affected",
              "version": "8.0.0.3"
            },
            {
              "status": "affected",
              "version": "8.0.0.4"
            },
            {
              "status": "affected",
              "version": "8.0.0.5"
            },
            {
              "status": "affected",
              "version": "8.0.0.1"
            },
            {
              "status": "affected",
              "version": "8.0.1"
            },
            {
              "status": "affected",
              "version": "8.0.1.2"
            },
            {
              "status": "affected",
              "version": "8.0.1.3"
            },
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "9.0.0.1"
            },
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "8.0.1.4"
            },
            {
              "status": "affected",
              "version": "8.0.1.5"
            },
            {
              "status": "affected",
              "version": "9.0.2"
            },
            {
              "status": "affected",
              "version": "9.0.2.1"
            },
            {
              "status": "affected",
              "version": "9.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-08-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-05T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
        },
        {
          "name": "100592",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100592"
        },
        {
          "name": "1039227",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039227"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-08-23T00:00:00",
          "ID": "CVE-2017-1489",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Security Access Manager for Web",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.1"
                          },
                          {
                            "version_value": "6.1.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "8.0"
                          },
                          {
                            "version_value": "8.0.0.2"
                          },
                          {
                            "version_value": "8.0.0.3"
                          },
                          {
                            "version_value": "8.0.0.4"
                          },
                          {
                            "version_value": "8.0.0.5"
                          },
                          {
                            "version_value": "8.0.0.1"
                          },
                          {
                            "version_value": "8.0.1"
                          },
                          {
                            "version_value": "8.0.1.2"
                          },
                          {
                            "version_value": "8.0.1.3"
                          },
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "9.0.0.1"
                          },
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "8.0.1.4"
                          },
                          {
                            "version_value": "8.0.1.5"
                          },
                          {
                            "version_value": "9.0.2"
                          },
                          {
                            "version_value": "9.0.2.1"
                          },
                          {
                            "version_value": "9.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128687"
            },
            {
              "name": "100592",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100592"
            },
            {
              "name": "1039227",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039227"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22006959",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006959"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1489",
    "datePublished": "2017-08-28T20:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T23:31:41.216Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-6079 (GCVE-0-2014-6079)

Vulnerability from nvd – Published: 2014-10-03 01:00 – Updated: 2024-08-06 12:03
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
http://www.securityfocus.com/bid/70197 vdb-entryx_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://secunia.com/advisories/61294 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61278 third-party-advisoryx_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:03:02.325Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684466"
          },
          {
            "name": "70197",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70197"
          },
          {
            "name": "IV64919",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919"
          },
          {
            "name": "ibm-sam-cve20146079-xss(95763)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95763"
          },
          {
            "name": "61294",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61294"
          },
          {
            "name": "61278",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61278"
          },
          {
            "name": "IV64910",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685244"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684466"
        },
        {
          "name": "70197",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70197"
        },
        {
          "name": "IV64919",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919"
        },
        {
          "name": "ibm-sam-cve20146079-xss(95763)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95763"
        },
        {
          "name": "61294",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61294"
        },
        {
          "name": "61278",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61278"
        },
        {
          "name": "IV64910",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685244"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-6079",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684466",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684466"
            },
            {
              "name": "70197",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70197"
            },
            {
              "name": "IV64919",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919"
            },
            {
              "name": "ibm-sam-cve20146079-xss(95763)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95763"
            },
            {
              "name": "61294",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61294"
            },
            {
              "name": "61278",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61278"
            },
            {
              "name": "IV64910",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685244",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685244"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-6079",
    "datePublished": "2014-10-03T01:00:00",
    "dateReserved": "2014-09-02T00:00:00",
    "dateUpdated": "2024-08-06T12:03:02.325Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-4823 (GCVE-0-2014-4823)

Vulnerability from nvd – Published: 2014-10-03 01:00 – Updated: 2024-08-06 11:27
VLAI?
Summary
The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
http://secunia.com/advisories/61294 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61278 third-party-advisoryx_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:27:36.880Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684466"
          },
          {
            "name": "ibm-sam-cve20144823-command-injection(95573)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95573"
          },
          {
            "name": "IV64919",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919"
          },
          {
            "name": "61294",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61294"
          },
          {
            "name": "61278",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61278"
          },
          {
            "name": "IV64910",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684466"
        },
        {
          "name": "ibm-sam-cve20144823-command-injection(95573)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95573"
        },
        {
          "name": "IV64919",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919"
        },
        {
          "name": "61294",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61294"
        },
        {
          "name": "61278",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61278"
        },
        {
          "name": "IV64910",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-4823",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684466",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684466"
            },
            {
              "name": "ibm-sam-cve20144823-command-injection(95573)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95573"
            },
            {
              "name": "IV64919",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919"
            },
            {
              "name": "61294",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61294"
            },
            {
              "name": "61278",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61278"
            },
            {
              "name": "IV64910",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-4823",
    "datePublished": "2014-10-03T01:00:00",
    "dateReserved": "2014-07-09T00:00:00",
    "dateUpdated": "2024-08-06T11:27:36.880Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-4809 (GCVE-0-2014-4809)

Vulnerability from nvd – Published: 2014-10-03 01:00 – Updated: 2024-08-06 11:27
VLAI?
Summary
The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:27:36.828Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246"
          },
          {
            "name": "61294",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61294"
          },
          {
            "name": "ibm-sam-cve20144809-dos(95376)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95376"
          },
          {
            "name": "IV64915",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246"
        },
        {
          "name": "61294",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61294"
        },
        {
          "name": "ibm-sam-cve20144809-dos(95376)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95376"
        },
        {
          "name": "IV64915",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-4809",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246"
            },
            {
              "name": "61294",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61294"
            },
            {
              "name": "ibm-sam-cve20144809-dos(95376)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95376"
            },
            {
              "name": "IV64915",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-4809",
    "datePublished": "2014-10-03T01:00:00",
    "dateReserved": "2014-07-09T00:00:00",
    "dateUpdated": "2024-08-06T11:27:36.828Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3052 (GCVE-0-2014-3052)

Vulnerability from nvd – Published: 2014-06-21 15:00 – Updated: 2024-08-06 10:28
VLAI?
Summary
The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:28:46.397Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676705"
          },
          {
            "name": "IV61553",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553"
          },
          {
            "name": "ibm-isam-cve20143052-encryption(93454)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93454"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676705"
        },
        {
          "name": "IV61553",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553"
        },
        {
          "name": "ibm-isam-cve20143052-encryption(93454)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93454"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-3052",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676705",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676705"
            },
            {
              "name": "IV61553",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553"
            },
            {
              "name": "ibm-isam-cve20143052-encryption(93454)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93454"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-3052",
    "datePublished": "2014-06-21T15:00:00",
    "dateReserved": "2014-04-29T00:00:00",
    "dateUpdated": "2024-08-06T10:28:46.397Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3073 (GCVE-0-2014-3073)

Vulnerability from nvd – Published: 2014-06-21 15:00 – Updated: 2024-08-06 10:35
VLAI?
Summary
Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:35:55.869Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "68137",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/68137"
          },
          {
            "name": "ibm-isam-cve20143073-code-exec(93790)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93790"
          },
          {
            "name": "59438",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59438"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676699"
          },
          {
            "name": "IV61563",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61563"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "68137",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/68137"
        },
        {
          "name": "ibm-isam-cve20143073-code-exec(93790)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93790"
        },
        {
          "name": "59438",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59438"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676699"
        },
        {
          "name": "IV61563",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61563"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-3073",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "68137",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/68137"
            },
            {
              "name": "ibm-isam-cve20143073-code-exec(93790)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93790"
            },
            {
              "name": "59438",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59438"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676699",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676699"
            },
            {
              "name": "IV61563",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61563"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-3073",
    "datePublished": "2014-06-21T15:00:00",
    "dateReserved": "2014-04-29T00:00:00",
    "dateUpdated": "2024-08-06T10:35:55.869Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3053 (GCVE-0-2014-3053)

Vulnerability from nvd – Published: 2014-06-21 15:00 – Updated: 2024-08-06 10:28
VLAI?
Summary
The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://secunia.com/advisories/59381 third-party-advisoryx_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
http://secunia.com/advisories/59438 third-party-advisoryx_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
http://www.securityfocus.com/bid/68132 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:28:46.457Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-isam-cve20143053-credentials(93501)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93501"
          },
          {
            "name": "59381",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59381"
          },
          {
            "name": "IV61557",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557"
          },
          {
            "name": "59438",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59438"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676700"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676389"
          },
          {
            "name": "68132",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/68132"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-isam-cve20143053-credentials(93501)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93501"
        },
        {
          "name": "59381",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59381"
        },
        {
          "name": "IV61557",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557"
        },
        {
          "name": "59438",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59438"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676700"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676389"
        },
        {
          "name": "68132",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/68132"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-3053",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-isam-cve20143053-credentials(93501)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93501"
            },
            {
              "name": "59381",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59381"
            },
            {
              "name": "IV61557",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557"
            },
            {
              "name": "59438",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59438"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676700",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676700"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676389",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676389"
            },
            {
              "name": "68132",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/68132"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-3053",
    "datePublished": "2014-06-21T15:00:00",
    "dateReserved": "2014-04-29T00:00:00",
    "dateUpdated": "2024-08-06T10:28:46.457Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0963 (GCVE-0-2014-0963)

Vulnerability from nvd – Published: 2014-05-08 10:00 – Updated: 2024-08-06 09:34
VLAI?
Summary
The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:34:39.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "59249",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59249"
          },
          {
            "name": "ibm-gskit-cve20140963-dos(92844)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92844"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
          },
          {
            "name": "58845",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58845"
          },
          {
            "name": "IV59660",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV59660"
          },
          {
            "name": "59245",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59245"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672192"
          },
          {
            "name": "1030707",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030707"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21675496"
          },
          {
            "name": "67238",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67238"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21680803"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "59249",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59249"
        },
        {
          "name": "ibm-gskit-cve20140963-dos(92844)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92844"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
        },
        {
          "name": "58845",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58845"
        },
        {
          "name": "IV59660",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV59660"
        },
        {
          "name": "59245",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59245"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672192"
        },
        {
          "name": "1030707",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030707"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21675496"
        },
        {
          "name": "67238",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67238"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21680803"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-0963",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "59249",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59249"
            },
            {
              "name": "ibm-gskit-cve20140963-dos(92844)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92844"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
            },
            {
              "name": "58845",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58845"
            },
            {
              "name": "IV59660",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV59660"
            },
            {
              "name": "59245",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59245"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672192",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672192"
            },
            {
              "name": "1030707",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030707"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21675496",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21675496"
            },
            {
              "name": "67238",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67238"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
            },
            {
              "name": "http://www-304.ibm.com/support/docview.wss?uid=swg21680803",
              "refsource": "CONFIRM",
              "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21680803"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-0963",
    "datePublished": "2014-05-08T10:00:00",
    "dateReserved": "2014-01-06T00:00:00",
    "dateUpdated": "2024-08-06T09:34:39.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}