Product:

Security_access_manager

(Ibm)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 47
Date Id Summary Products Score Patch Annotated
2019-10-25 CVE-2019-4036 IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159. Security_access_manager 7.5
2020-05-20 CVE-2020-4461 IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481. Security_access_manager 6.5
2020-10-15 CVE-2020-4499 IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216. Security_access_manager, Security_verify_access 9.8
2020-10-15 CVE-2019-4552 IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960. Security_access_manager, Security_verify_access 6.1
2020-10-12 CVE-2020-4699 IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947. Security_access_manager, Security_verify_access 5.3
2020-10-12 CVE-2020-4661 IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142. Security_access_manager, Security_verify_access 5.3
2020-10-12 CVE-2020-4660 IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140. Security_access_manager, Security_verify_access 5.3
2018-12-13 CVE-2018-1803 IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 149702. Security_access_manager 6.1
2020-01-28 CVE-2019-4707 IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018. Security_access_manager N/A
2019-02-04 CVE-2018-1970 IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751. Security_access_manager 7.1