Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
user access manager vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2018-15316
In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks.
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager Client
F5 Big-ip Edge Client
6.5
CVSSv3
CVE-2019-19992
An issue exists in Selesta Visual Access Manager (VAM) 4.15.0 up to and including 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vam_editXml.php doesn't check the parameter that identifies the file ...
Seling Visual Access Manager
8.8
CVSSv3
CVE-2019-19988
An issue exists in Selesta Visual Access Manager (VAM) 4.15.0 up to and including 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vam_editXml.php in the web interface. The vulnerable PHP page checks none of these: the parame...
Seling Visual Access Manager
6.8
CVSSv3
CVE-2019-4153
IBM Security Access Manager 9.0.1 up to and including 9.0.6 could allow a remote malicious user to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof th...
Ibm Security Access Manager
6.8
CVSSv3
CVE-2023-35185
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges.
Solarwinds Access Rights Manager
9.8
CVSSv3
CVE-2023-35182
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server.
Solarwinds Access Rights Manager
8.8
CVSSv3
CVE-2023-35180
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API.
Solarwinds Access Rights Manager
5.5
CVSSv3
CVE-2023-31002
IBM Security Access Manager Container 10.0.0.0 up to and including 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657.
Ibm Security Access Manager Container
7.5
CVSSv3
CVE-2023-38369
IBM Security Access Manager Container 10.0.0.0 up to and including 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for malicious users to compromise user accounts. IBM X-Force ID: 261196.
Ibm Security Access Manager Container
9.8
CVSSv3
CVE-2022-35405
Zoho ManageEngine Password Manager Pro prior to 12101 and PAM360 prior to 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus prior to 4303 with authentication.)
Zohocorp Manageengine Access Manager Plus 4.3
Zohocorp Manageengine Access Manager Plus
Zohocorp Manageengine Password Manager Pro
Zohocorp Manageengine Password Manager Pro 12.1
Zohocorp Manageengine Pam360
Zohocorp Manageengine Pam360 5.5
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »