Vulnerabilities > IBM > Security Access Manager FOR WEB Appliance > 8.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-02-01 | CVE-2016-3017 | Improperly Implemented Security Check for Standard vulnerability in IBM products IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations. | 5.0 |
2017-02-01 | CVE-2016-3016 | Insufficient Verification of Data Authenticity vulnerability in IBM products IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code. | 3.5 |
2017-02-01 | CVE-2016-2908 | XXE vulnerability in IBM products IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. | 6.4 |
2014-10-03 | CVE-2014-6079 | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2014-10-03 | CVE-2014-4823 | OS Command Injection vulnerability in IBM products The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors. | 10.0 |
2014-10-03 | CVE-2014-4809 | Remote Denial of Service vulnerability in IBM products The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors. network ibm | 7.1 |
2014-06-21 | CVE-2014-3073 | Remote Code Execution vulnerability in IBM Security Access Manager Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2014-06-21 | CVE-2014-3053 | Improper Authentication vulnerability in IBM products The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials. | 8.0 |
2014-06-21 | CVE-2014-3052 | Configuration vulnerability in IBM products The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance. | 3.3 |
2014-05-08 | CVE-2014-0963 | Resource Management Errors vulnerability in IBM products The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages. | 7.1 |