Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
access manager vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2017-1480
IBM Security Access Manager Appliance 8.0.0 up to and including 8.0.1.6, and 9.0.0 up to and including 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.
Ibm Security Access Manager
Ibm Security Access Manager For Web
Ibm Security Access Manager For Mobile
5.3
CVSSv3
CVE-2016-7467
The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authenticatio...
F5 Big-ip Access Policy Manager 12.1.1
F5 Big-ip Access Policy Manager 12.0.0
F5 Big-ip Access Policy Manager 11.6.0
F5 Big-ip Access Policy Manager 11.5.4
F5 Big-ip Access Policy Manager 12.1.0
F5 Big-ip Access Policy Manager 11.6.1
5.3
CVSSv3
CVE-2016-3687
Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x prior to 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a bas...
F5 Big-ip Access Policy Manager 11.5.4
F5 Big-ip Access Policy Manager 11.5.3
F5 Big-ip Access Policy Manager 11.5.2
F5 Big-ip Access Policy Manager 11.5.1
F5 Big-ip Access Policy Manager 11.6.0
F5 Big-ip Access Policy Manager 11.5.0
F5 Big-ip Access Policy Manager 11.4.0
F5 Big-ip Access Policy Manager 11.4.1
F5 Big-ip Access Policy Manager 11.2.1
F5 Big-ip Edge Gateway 11.2.1
7.5
CVSSv3
CVE-2015-5010
IBM Security Access Manager for Web 7.0 prior to 7.0.0 IF21, 8.0 prior to 8.0.1.3 IF4, and 9.0 prior to 9.0.0.1 IF1 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote malicious users to obtain access via a brute-force attack.
Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.9
Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.8
Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.7
Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.6
Ibm Security Access Manager For Web 8.0 Firmware 8.0.1.2
Ibm Security Access Manager For Web 8.0 Firmware 8.0.1.0
Ibm Security Access Manager For Web 8.0 Firmware 8.0.1
Ibm Security Access Manager For Web 8.0 Firmware 8.0.0.5
Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.18
Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.19
Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.20
Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.12
Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.15
Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.13
Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.5
Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.3
Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.17
Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.11
Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.1
Ibm Security Access Manager For Web 8.0 Firmware 8.0.0.2
Ibm Security Access Manager 9.0 Firmware 9.0.0
Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.16
5.5
CVSSv3
CVE-2016-5748
External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 prior to 4.1.2 Hot Fix 1 and 4.2 prior to 4.2.2 could be used to disclose the content of local files to logged-in users.
Netiq Access Manager 4.1
Netiq Access Manager 4.2
5.5
CVSSv3
CVE-2016-5749
NetIQ Access Manager 4.1 prior to 4.1.2 HF 1 and 4.2 prior to 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.
Netiq Access Manager 4.1
Netiq Access Manager 4.2
8.8
CVSSv3
CVE-2016-5750
The certificate upload feature in iManager in NetIQ Access Manager 4.1 prior to 4.1.2 Hot Fix 1 and 4.2 prior to 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users.
Netiq Access Manager 4.1
Netiq Access Manager 4.2
6.1
CVSSv3
CVE-2016-5751
An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 prior to 4.1.2 HF1 and 4.2 prior to 4.2.2 could be used to trigger XSS and leak authentication credentials.
Netiq Access Manager 4.1
Netiq Access Manager 4.2
7.5
CVSSv3
CVE-2016-5752
The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 prior to 4.1.2 HF1 and 4.2 prior to 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original request...
Netiq Access Manager 4.1
Netiq Access Manager 4.2
7.5
CVSSv3
CVE-2016-5754
Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 prior to 4.1.2 Hot Fix 1 and 4.2 before SP2.
Netiq Access Manager 4.1
Netiq Access Manager 4.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »