Vulmon
user access manager vulnerabilities and exploits
4
CVSSv2
CVE-2019-19992
An issue exists in Selesta Visual Access Manager (VAM) 4.15.0 up to and including 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vam_editXml.php doesn't check the parameter that identifies the file ...
Seling Visual Access Manager
2.1
CVSSv2
CVE-2018-15316
In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager Client
F5 Big-ip Edge Client
6.5
CVSSv2
CVE-2019-19988
An issue exists in Selesta Visual Access Manager (VAM) 4.15.0 up to and including 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vam_editXml.php in the web interface. The vulnerable PHP page checks none of these: the parame...
Seling Visual Access Manager
3.5
CVSSv2
CVE-2019-4153
IBM Security Access Manager 9.0.1 up to and including 9.0.6 could allow a remote malicious user to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof th...
Ibm Security Access Manager
NA
CVE-2023-35185
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges.
Solarwinds Access Rights Manager
NA
CVE-2023-35182
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server.
Solarwinds Access Rights Manager
NA
CVE-2023-35180
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API.
Solarwinds Access Rights Manager
NA
CVE-2023-31002
IBM Security Access Manager Container 10.0.0.0 up to and including 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657.
Ibm Security Access Manager Container
NA
CVE-2023-38369
IBM Security Access Manager Container 10.0.0.0 up to and including 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for malicious users to compromise user accounts. IBM X-Force ID: 261196.
Ibm Security Access Manager Container
5.5
CVSSv2
CVE-2020-4395
IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358.
Ibm Security Access Manager Appliance 9.0.7