Vulnerabilities > IBM > Security Access Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-12-13 CVE-2018-1803 Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim.
network
low complexity
ibm CWE-1021
6.1
6.1
2018-12-13 CVE-2018-1740 Cross-site Scripting vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2018-12-13 CVE-2018-1653 Cross-site Scripting vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2018-06-06 CVE-2017-1480 Information Exposure Through Log Files vulnerability in IBM products
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user.
network
low complexity
ibm CWE-532
4.3
4.3
2018-06-06 CVE-2017-1476 Information Exposure vulnerability in IBM products
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-200
5.9
5.9
2018-06-06 CVE-2017-1474 Information Exposure vulnerability in IBM products
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users.
network
low complexity
ibm CWE-200
5.3
5.3
2018-03-08 CVE-2018-1443 Improper Authentication vulnerability in IBM products
An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password.
local
low complexity
ibm CWE-287
5.9
5.9
2017-08-29 CVE-2017-1489 Open Redirect vulnerability in IBM products
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability.
network
low complexity
ibm CWE-601
6.1
6.1
2017-02-01 CVE-2016-3018 Cross-site Scripting vulnerability in IBM products
IBM Security Access Manager for Web is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1