Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Filtered by product Security Access Manager 9.0 Firmware
Total 25 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8531 1 Ibm 2 Security Access Manager 9.0 Firmware, Security Access Manager For Web 8.0 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-5018 1 Ibm 3 Security Access Manager 9.0 Firmware, Security Access Manager For Web 7.0 Firmware, Security Access Manager For Web 8.0 Firmware 2024-11-21 8.5 HIGH 8.0 HIGH
IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access.
CVE-2015-5013 1 Ibm 6 Security Access Manager 9.0, Security Access Manager 9.0 Firmware, Security Access Manager For Mobile and 3 more 2024-11-21 2.1 LOW 5.5 MEDIUM
The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access.
CVE-2015-5012 1 Ibm 3 Security Access Manager 9.0 Firmware, Security Access Manager For Web 7.0 Firmware, Security Access Manager For Web 8.0 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
CVE-2015-5010 1 Ibm 3 Security Access Manager 9.0 Firmware, Security Access Manager For Web 7.0 Firmware, Security Access Manager For Web 8.0 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.