Vulnerabilities > IBM > Security Access Manager

DATE CVE VULNERABILITY TITLE RISK
2018-12-13 CVE-2018-1814 Inadequate Encryption Strength vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
7.5
2018-12-13 CVE-2018-1813 Unspecified vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity.
network
low complexity
ibm
6.5
6.5
2018-12-13 CVE-2018-1805 Information Exposure vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an error message that includes sensitive information about its environment, users, or associated data.
network
low complexity
ibm CWE-200
4.3
4.3
2018-12-13 CVE-2018-1804 Session Fixation vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies.
network
high complexity
ibm CWE-384
3.7
3.7
2018-12-13 CVE-2018-1803 Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim.
network
low complexity
ibm CWE-1021
6.1
6.1
2018-12-13 CVE-2018-1740 Cross-site Scripting vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2018-12-13 CVE-2018-1653 Cross-site Scripting vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2018-10-22 CVE-2018-1850 Unspecified vulnerability in IBM Security Access Manager 9.0.3.1/9.0.4.0/9.0.5.0
IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running.
network
high complexity
ibm
7.5
7.5
2018-08-24 CVE-2018-1722 Unspecified vulnerability in IBM Security Access Manager 9.0.4.0/9.0.5.0
IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running.
network
low complexity
ibm
critical
 10.0
10
2018-06-06 CVE-2017-1480 Information Exposure Through Log Files vulnerability in IBM products
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user.
network
low complexity
ibm CWE-532
4.3
4.3