Vulnerabilities > IBM > Security Access Manager FOR WEB > 8.0.0

DATE CVE VULNERABILITY TITLE RISK
2018-06-06 CVE-2017-1480 Information Exposure Through Log Files vulnerability in IBM products
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user.
network
low complexity
ibm CWE-532
4.3
4.3
2018-06-06 CVE-2017-1476 Information Exposure vulnerability in IBM products
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-200
5.9
5.9
2018-06-06 CVE-2017-1474 Information Exposure vulnerability in IBM products
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users.
network
low complexity
ibm CWE-200
5.3
5.3
2017-02-01 CVE-2016-3045 Information Exposure vulnerability in IBM products
IBM Security Access Manager for Web stores sensitive information in URL parameters.
network
high complexity
ibm CWE-200
3.7
3.7
2016-11-25 CVE-2016-3028 OS Command Injection vulnerability in IBM products
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.
network
low complexity
ibm CWE-78
critical
 9.1
9.1