Vulmon
user access manager vulnerabilities and exploits
NA
CVE-2023-31003
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 up to and including 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658.
Ibm Security Verify Access
Ibm Security Verify Access Docker
187
VMScore
CVE-2016-6249
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files.
F5 Big-ip Websafe 11.5.4
F5 Big-ip Websafe 11.6.0
F5 Big-ip Policy Enforcement Manager 11.5.2
F5 Big-ip Policy Enforcement Manager 11.5.1
F5 Big-ip Application Security Manager 11.5.4
F5 Big-ip Application Security Manager 11.6.0
F5 Big-ip Access Policy Manager 11.5.4
F5 Big-ip Link Controller 11.6.1
F5 Big-ip Analytics 11.5.4
F5 Big-ip Analytics 11.6.0
F5 Big-ip Advanced Firewall Manager 11.5.4
F5 Big-ip Advanced Firewall Manager 11.6.0
F5 Big-ip Application Acceleration Manager 11.5.4
F5 Big-ip Application Acceleration Manager 11.6.0
F5 Big-ip Application Acceleration Manager 12.0.0
F5 Big-ip Local Traffic Manager 11.6.0
F5 Big-ip Local Traffic Manager 12.0.0
F5 Big-ip Global Traffic Manager 11.5.0
F5 Big-ip Link Controller 11.5.0
F5 Big-ip Websafe 11.5.2
F5 Big-ip Websafe 11.5.3
F5 Big-ip Policy Enforcement Manager 11.5.4
NA
CVE-2023-31005
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 up to and including 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 up to and including 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configu...
Ibm Security Verify Access
Ibm Security Verify Access Docker
NA
CVE-2023-32329
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 up to and including 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 up to and including 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file va...
Ibm Security Verify Access
Ibm Security Verify Access Docker
NA
CVE-2023-38267
IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 up to and including 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed...
Ibm Security Verify Access
Ibm Security Verify Access Docker
356
VMScore
CVE-2020-27727
On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, when an authenticated administrative user installs RPMs using the iAppsLX REST installer, the BIG-IP system does not sufficiently validate user input, allowing the user read access to the file...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
668
VMScore
CVE-2005-2631
Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to 3.5.3 does not properly authenticate users when invoking API methods, which could allow remote malicious users to bypass security checks, change the assigned role of a user, or disconnect users.
Cisco Network Admission Control Manager And Server System Software 3.3.3
Cisco Network Admission Control Manager And Server System Software 3.3.4
Cisco Network Admission Control Manager And Server System Software 3.4.1
Cisco Network Admission Control Manager And Server System Software 3.4.2
Cisco Network Admission Control Manager And Server System Software 3.4.3
Cisco Network Admission Control Manager And Server System Software 3.3
Cisco Network Admission Control Manager And Server System Software 3.3.7
Cisco Network Admission Control Manager And Server System Software 3.3.8
Cisco Network Admission Control Manager And Server System Software 3.5
Cisco Network Admission Control Manager And Server System Software 3.5.1
Cisco Network Admission Control Manager And Server System Software 3.3.5
Cisco Network Admission Control Manager And Server System Software 3.3.6
Cisco Network Admission Control Manager And Server System Software 3.4.4
Cisco Network Admission Control Manager And Server System Software 3.4.5
Cisco Network Admission Control Manager And Server System Software 3.3.1
Cisco Network Admission Control Manager And Server System Software 3.3.2
Cisco Network Admission Control Manager And Server System Software 3.3.9
Cisco Network Admission Control Manager And Server System Software 3.4
Cisco Network Admission Control Manager And Server System Software 3.5.2
Cisco Network Admission Control Manager And Server System Software 3.5.3
356
VMScore
CVE-2022-1468
On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated iControl REST user with at least guest role privileges can cause processing delays to iControl REST requests via undisclosed requests. Note: Software versions which have r...
F5 Big-ip Local Traffic Manager 11.6.1
F5 Big-ip Local Traffic Manager 12.1.2
F5 Big-ip Advanced Firewall Manager 12.1.0
F5 Big-ip Access Policy Manager 12.1.2
F5 Big-ip Global Traffic Manager 11.6.1
F5 Big-ip Domain Name System 12.1.2
F5 Big-ip Policy Enforcement Manager 12.1.1
F5 Big-ip Policy Enforcement Manager 12.1.2
F5 Big-ip Advanced Firewall Manager 12.1.2
F5 Big-ip Application Security Manager 12.1.1
F5 Big-ip Access Policy Manager 12.1.0
F5 Big-ip Access Policy Manager 12.1.1
F5 Big-ip Advanced Firewall Manager 11.6.1
F5 Big-ip Advanced Firewall Manager 12.1.1
F5 Big-ip Analytics 11.6.1
F5 Big-ip Analytics 12.1.0
F5 Big-ip Analytics 12.1.2
F5 Big-ip Application Acceleration Manager 11.6.1
F5 Big-ip Application Acceleration Manager 12.1.0
F5 Big-ip Application Acceleration Manager 12.1.1
F5 Big-ip Application Acceleration Manager 12.1.2
F5 Big-ip Application Security Manager 11.6.1
534
VMScore
CVE-2020-5905
In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network > WCCP page, the system does not sanitize all user-provided data before display.
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
605
VMScore
CVE-2020-5904
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page.
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager