Vulnerabilities > IBM > Security Access Manager > High

DATE CVE VULNERABILITY TITLE RISK
2024-06-27 CVE-2023-30997 Unspecified vulnerability in IBM Security Access Manager 10.0.0.0/10.0.7.1
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls.
local
low complexity
ibm
7.8
2024-06-27 CVE-2023-30998 Unspecified vulnerability in IBM Security Access Manager 10.0.0.0/10.0.7.1
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls.
local
low complexity
ibm
7.8
2024-06-27 CVE-2023-38371 Unspecified vulnerability in IBM Security Access Manager 10.0.0.0/10.0.7.1
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm
7.5
2021-07-15 CVE-2021-20439 Insufficiently Protected Credentials vulnerability in IBM Security Access Manager and Security Verify Access
IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.
network
low complexity
ibm CWE-522
7.5
2020-01-28 CVE-2019-4707 XXE vulnerability in IBM Security Access Manager 9.0.7.0
IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2019-10-25 CVE-2019-4036 Unspecified vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component.
network
low complexity
ibm
7.5
2019-06-25 CVE-2019-4145 Unspecified vulnerability in IBM Security Access Manager
IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system.
local
low complexity
ibm
7.1
2019-06-25 CVE-2019-4135 Unspecified vulnerability in IBM Security Access Manager
IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users.
network
low complexity
ibm
8.8
2019-02-04 CVE-2018-1970 XXE vulnerability in IBM Security Access Manager
IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-12-13 CVE-2018-1887 Use of Hard-coded Credentials vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
local
low complexity
ibm CWE-798
7.8