Vulnerabilities > IBM > Security Access Manager FOR Enterprise Single Sign ON

DATE CVE VULNERABILITY TITLE RISK
2019-08-26 CVE-2019-4513 XXE vulnerability in IBM Security Access Manager for Enterprise Single Sign-On 8.2.2
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2
8.2
2018-08-17 CVE-2017-1732 Information Exposure vulnerability in IBM Security Access Manager for Enterprise Single Sign-On 8.2.2
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-200
5.0
5.0
2013-12-23 CVE-2013-5420 Permissions, Privileges, and Access Controls vulnerability in IBM Security Access Manager for Enterprise Single Sign-On 8.2
The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request.
network
ibm CWE-264
3.5
3.5
2013-12-22 CVE-2013-6745 Cross-Site Scripting vulnerability in IBM Security Access Manager for Enterprise Single Sign-On 8.2
Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form.
network
ibm CWE-79
3.5
3.5
2013-12-22 CVE-2013-5421 Cross-Site Scripting vulnerability in IBM Security Access Manager for Enterprise Single Sign-On 8.2
Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote attackers to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form.
network
ibm CWE-79
4.3
4.3