Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ibm security access manager vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2019-4158
IBM Security Access Manager 9.0.1 up to and including 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.
Ibm Security Access Manager
5.9
CVSSv3
CVE-2019-4151
IBM Security Access Manager 9.0.1 up to and including 9.0.6 uses weaker than expected cryptographic algorithms that could allow an malicious user to decrypt highly sensitive information. IBM X-Force ID: 158512.
Ibm Security Access Manager
6.1
CVSSv3
CVE-2018-1803
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote malicious user to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijac...
Ibm Security Access Manager
5.4
CVSSv3
CVE-2018-1740
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credential...
Ibm Security Access Manager
3.7
CVSSv3
CVE-2018-1804
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an malicious user to obtain sensitive information using man in the middle techniques. IBM X-Force I...
Ibm Security Access Manager
4.3
CVSSv3
CVE-2018-1805
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 149704.
Ibm Security Access Manager
6.1
CVSSv3
CVE-2019-4725
IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X...
Ibm Security Access Manager
7.1
CVSSv3
CVE-2018-1970
IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751.
Ibm Security Access Manager
7.5
CVSSv3
CVE-2018-1814
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an malicious user to decrypt highly sensitive information. IBM X-Force ID: 150018.
Ibm Security Access Manager
6.5
CVSSv3
CVE-2020-4461
IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481.
Ibm Security Access Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »