Vulnerabilities: IBM Tivoli Access Manager for e-business

DATE | CVE | VULNERABILITY TITLE | RISK
2017-08-29 | CVE-2017-1489 | Open Redirect vulnerability in IBM products | 5.8
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability.
network; ibm; CWE-601
2011-01-19 | CVE-2011-0494 | Path Traversal vulnerability in IBM Tivoli Access Manager for E-Business | 5.0
Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 5.1 before 5.1.0.39-TIV-AWS-IF0040, 6.0 before 6.0.0.25-TIV-AWS-IF0026, 6.1.0 before 6.1.0.5-TIV-AWS-IF0006, and 6.1.1 before 6.1.1-TIV-AWS-FP0001 has unspecified impact and attack vectors.
network; low complexity; ibm; CWE-22
2010-12-30 | CVE-2010-4623 | Resource Management Errors vulnerability in IBM Tivoli Access Manager for E-Business 6.1.1 | 4.0
WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 allows remote authenticated users to cause a denial of service (worker thread consumption) via shift-reload actions.
network; low complexity; ibm; CWE-399
2010-12-30 | CVE-2010-4622 | Path Traversal vulnerability in IBM Tivoli Access Manager for E-Business 6.1.1 | 5.0
Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.
network; low complexity; ibm; CWE-22
2010-10-28 | CVE-2010-4120 | Cross-Site Scripting vulnerability in IBM Tivoli Access Manager for E-Business 6.1.0/6.1.1 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.
network; ibm; CWE-79
2010-01-14 | CVE-2010-0311 | Privilege Escalation vulnerability in Sun Java System Identity Server 8.1.0.5/8.1.0.6 | 6.8
Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors.
network; sun, ibm
2008-11-27 | CVE-2008-5257 | Improper Input Validation vulnerability in IBM Tivoli Access Manager for E-Business 6.0.0.17 | 4.3
webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for e-business allows remote attackers to cause a denial of service (crash or hang) via HTTP requests, as demonstrated by a McAfee vulnerability scan.
network; ibm; CWE-20
2006-02-06 | CVE-2006-0513 | Directory Traversal vulnerability in IBM Tivoli Access Manager for E-Business 5.1.0.10/6.0.0 | 5.0
Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a ..
network; low complexity; ibm
2004-12-31 | CVE-2004-2558 | Product Unspecified Credential Impersonation vulnerability in IBM | 7.5
Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka "Potential Credential Impersonation Attack."
network; low complexity; ibm