Vulmon
ibm security access manager vulnerabilities and exploits
5.5
CVSSv2
CVE-2018-1970
IBM Security Identity Manager 7.0.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751.
Ibm Security Access Manager
NA
CVE-2023-31002
IBM Security Access Manager Container 10.0.0.0 up to and including 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657.
Ibm Security Access Manager Container
NA
CVE-2023-38369
IBM Security Access Manager Container 10.0.0.0 up to and including 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for malicious users to compromise user accounts. IBM X-Force ID: 261196.
Ibm Security Access Manager Container
5.5
CVSSv2
CVE-2019-4707
IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018.
Ibm Security Access Manager 9.0.7.0
5.5
CVSSv2
CVE-2020-4395
IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358.
Ibm Security Access Manager Appliance 9.0.7
4.6
CVSSv2
CVE-2022-22465
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082.
Ibm Security Verify Access 10.0.1.0
Ibm Security Verify Access 10.0.2.0
Ibm Security Verify Access 10.0.0.0
Ibm Security Verify Access 10.0.3.0
5
CVSSv2
CVE-2022-22464
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow a malicious user to decrypt highly sensitive information. IBM X-Force ID: 225081.
Ibm Security Verify Access 10.0.1.0
Ibm Security Verify Access 10.0.2.0
Ibm Security Verify Access 10.0.0.0
Ibm Security Verify Access 10.0.3.0
6.4
CVSSv2
CVE-2022-22463
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the malicious user to view, add, modify or delete information in the back-end database...
Ibm Security Verify Access 10.0.1.0
Ibm Security Verify Access 10.0.2.0
Ibm Security Verify Access 10.0.0.0
Ibm Security Verify Access 10.0.3.0
NA
CVE-2023-31001
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 up to and including 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653.
Ibm Security Verify Access
Ibm Security Verify Access Docker
NA
CVE-2023-31003
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 up to and including 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658.
Ibm Security Verify Access
Ibm Security Verify Access Docker