Vulnerabilities > IBM > Security Access Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-28 | CVE-2024-35137 | Weak Password Requirements vulnerability in IBM Security Access Manager 10.0.0.0/10.0.7.1 IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. | 6.2 |
| 2024-06-28 | CVE-2024-35139 | Incorrect Default Permissions vulnerability in IBM Security Access Manager 10.0.0.0/10.0.7.1 IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. | 5.5 |
| 2024-06-27 | CVE-2023-38368 | Incorrect Authorization vulnerability in IBM Security Access Manager 10.0.0.0/10.0.7.1 IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. | 5.5 |
| 2024-06-27 | CVE-2023-38370 | Incorrect Default Permissions vulnerability in IBM Security Access Manager 10.0.0.0/10.0.7.1 IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. | 6.5 |
| 2020-10-15 | CVE-2019-4552 | Unspecified vulnerability in IBM Security Access Manager and Security Verify Access IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. | 6.1 |
| 2020-10-12 | CVE-2020-4699 | Information Exposure Through Discrepancy vulnerability in IBM Security Access Manager and Security Verify Access IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. | 5.3 |
| 2020-10-12 | CVE-2020-4661 | Information Exposure Through Discrepancy vulnerability in IBM Security Access Manager and Security Verify Access IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. | 5.3 |
| 2020-10-12 | CVE-2020-4660 | Information Exposure Through Discrepancy vulnerability in IBM Security Access Manager and Security Verify Access IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. | 5.3 |
| 2020-10-06 | CVE-2019-4725 | Cross-site Scripting vulnerability in IBM Security Access Manager IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. | 6.1 |
| 2020-05-20 | CVE-2020-4461 | Unspecified vulnerability in IBM Security Access Manager IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. | 6.5 |