Vulnerabilities > IBM > Security Access Manager FOR Enterprise Single Sign ON
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-26 | CVE-2019-4513 | XXE vulnerability in IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2018-08-17 | CVE-2017-1732 | Information Exposure vulnerability in IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. | 5.0 |
2013-12-23 | CVE-2013-5420 | Permissions, Privileges, and Access Controls vulnerability in IBM Security Access Manager for Enterprise Single Sign-On 8.2 The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request. | 3.5 |
2013-12-22 | CVE-2013-6745 | Cross-Site Scripting vulnerability in IBM Security Access Manager for Enterprise Single Sign-On 8.2 Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form. | 3.5 |
2013-12-22 | CVE-2013-5421 | Cross-Site Scripting vulnerability in IBM Security Access Manager for Enterprise Single Sign-On 8.2 Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote attackers to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form. | 4.3 |