Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ibm security access manager vulnerabilities and exploits
(subscribe to this query)
3.7
CVSSv3
CVE-2018-1804
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an malicious user to obtain sensitive information using man in the middle techniques. IBM X-Force I...
Ibm Security Access Manager
6.5
CVSSv3
CVE-2018-1813
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation which allows malicious users to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 150017.
Ibm Security Access Manager
7.1
CVSSv3
CVE-2018-1970
IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751.
Ibm Security Access Manager
6.1
CVSSv3
CVE-2018-1803
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote malicious user to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijac...
Ibm Security Access Manager
8.8
CVSSv3
CVE-2019-4135
IBM Security Access Manager 9.0.1 up to and including 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331.
Ibm Security Access Manager
7.1
CVSSv3
CVE-2019-4145
IBM Security Access Manager 9.0.1 up to and including 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400.
Ibm Security Access Manager
3.7
CVSSv3
CVE-2019-4150
IBM Security Access Manager 9.0.1 up to and including 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an malicious user to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510.
Ibm Security Access Manager
5.9
CVSSv3
CVE-2019-4151
IBM Security Access Manager 9.0.1 up to and including 9.0.6 uses weaker than expected cryptographic algorithms that could allow an malicious user to decrypt highly sensitive information. IBM X-Force ID: 158512.
Ibm Security Access Manager
4.4
CVSSv3
CVE-2019-4152
IBM Security Access Manager 9.0.1 up to and including 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.
Ibm Security Access Manager
6.8
CVSSv3
CVE-2019-4153
IBM Security Access Manager 9.0.1 up to and including 9.0.6 could allow a remote malicious user to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof th...
Ibm Security Access Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »