Ibm Security Access Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Security Access Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (48)
CVE-2018-1722 — CVSS 10.0 (critical): IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation…
CVE-2020-4499 — CVSS 9.8 (critical): IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or…
CVE-2016-3028 — CVSS 9.1 (critical): IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow…
CVE-2018-1850 — CVSS 8.8 (high): IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access…
CVE-2019-4135 — CVSS 8.8 (high): IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate…
CVE-2016-3025 — CVSS 8.1 (high): IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict…
CVE-2023-30998 — CVSS 7.8 (high): IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access…
CVE-2023-30997 — CVSS 7.8 (high): IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access…
CVE-2023-38370 — CVSS 7.5 (high): IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install…
CVE-2021-20439 — CVSS 7.5 (high): IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read…
CVE-2019-4036 — CVSS 7.5 (high): IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM…
CVE-2019-4145 — CVSS 7.1 (high): IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used…
CVE-2019-4707 — CVSS 7.1 (high): IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A…
CVE-2018-1970 — CVSS 7.1 (high): IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote…
CVE-2019-4153 — CVSS 6.8 (medium): IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack…
CVE-2020-4461 — CVSS 6.5 (medium): IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation…
CVE-2024-35139 — CVSS 6.2 (medium): IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container…
CVE-2024-35137 — CVSS 6.2 (medium): IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive…
CVE-2019-4552 — CVSS 6.1 (medium): IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote…
CVE-2018-1815 — CVSS 6.1 (medium): IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 for Enterprise Single-Sign On is vulnerable to…
CVE-2018-1803 — CVSS 6.1 (medium): IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking…
CVE-2019-4157 — CVSS 6.1 (medium): IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2019-4725 — CVSS 6.1 (medium): IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2016-3018 — CVSS 6.1 (medium): IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2017-1489 — CVSS 6.1 (medium): IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master…
CVE-2017-1476 — CVSS 5.9 (medium): IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain…
CVE-2018-1887 — CVSS 5.9 (medium): IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password…
CVE-2019-4156 — CVSS 5.9 (medium): IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt…
CVE-2018-1814 — CVSS 5.9 (medium): IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms…
CVE-2018-1443 — CVSS 5.9 (medium): An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli…
CVE-2023-38371 — CVSS 5.9 (medium): IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an…
CVE-2019-4151 — CVSS 5.9 (medium): IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt…
CVE-2023-38368 — CVSS 5.5 (medium): IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission…
CVE-2019-4158 — CVSS 5.4 (medium): IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of…
CVE-2018-1653 — CVSS 5.4 (medium): IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This…
CVE-2018-1740 — CVSS 5.4 (medium): IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This…
CVE-2020-4660 — CVSS 5.3 (medium): IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side…
CVE-2020-4661 — CVSS 5.3 (medium): IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side…
CVE-2020-4699 — CVSS 5.3 (medium): IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side…
CVE-2017-1474 — CVSS 5.3 (medium): IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to…
CVE-2018-1886 — CVSS 5.3 (medium): IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized…
CVE-2019-4152 — CVSS 4.4 (medium): IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session…
CVE-2018-1813 — CVSS 4.3 (medium): IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation…
CVE-2017-1480 — CVSS 4.3 (medium): IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log…
CVE-2018-1805 — CVSS 4.3 (medium): IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an error message that includes sensitive…
CVE-2018-1804 — CVSS 3.7 (low): IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization…
CVE-2019-4150 — CVSS 3.7 (low): IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to…
CVE-2016-3045 — CVSS 3.7 (low): IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized…