Ibm Security Access Manager 9.0 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Security Access Manager 9.0 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2016-2908 — CVSS 9.1 (critical): IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error…
CVE-2017-1453 — CVSS 8.8 (high): IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By…
CVE-2016-3029 — CVSS 8.8 (high): IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and…
CVE-2017-1477 — CVSS 8.1 (high): IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A…
CVE-2015-5018 — CVSS 8.0 (high): IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1…
CVE-2015-5010 — CVSS 7.5 (high): IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lockout…
CVE-2016-5919 — CVSS 7.5 (high): IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker…
CVE-2015-5012 — CVSS 7.5 (high): The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before…
CVE-2016-3017 — CVSS 7.5 (high): IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations.
CVE-2016-3022 — CVSS 6.5 (medium): IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file…
CVE-2016-3019 — CVSS 6.5 (medium): IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly…
CVE-2016-3027 — CVSS 6.5 (medium): IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when…
CVE-2017-1533 — CVSS 6.1 (medium): IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2015-8531 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows…
CVE-2016-3043 — CVSS 5.9 (medium): IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable…
CVE-2015-5013 — CVSS 5.5 (medium): The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated…
CVE-2016-3020 — CVSS 5.5 (medium): IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by…
CVE-2016-3023 — CVSS 5.3 (medium): IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file…
CVE-2016-3016 — CVSS 4.4 (medium): IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and…
CVE-2016-3051 — CVSS 4.3 (medium): IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM…
CVE-2017-1459 — CVSS 4.2 (medium): IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that…
CVE-2016-3024 — CVSS 4.0 (medium): IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system.
CVE-2017-1478 — CVSS 3.3 (low): IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM…
CVE-2016-3021 — CVSS 2.7 (low): IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a…
CVE-2016-3046 — CVSS 2.7 (low): IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which…