threat
engine
.sh
Back
·
··:··
Home
/
Product
/
ibm security access manager
Product
ibm security access manager
48 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2024-35139
>= 10.0.0.0 and <= 10.0.7.1
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the con
6.2
MEDIUM
CVE-2024-35137
>= 10.0.0.0 and <= 10.0.7.1
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to
6.2
MEDIUM
CVE-2023-38370
>= 10.0.0.0 and <= 10.0.7.1
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to i
7.5
HIGH
CVE-2023-38368
>= 10.0.0.0 and <= 10.0.7.1
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper p
5.5
MEDIUM
CVE-2023-30998
>= 10.0.0.0 and <= 10.0.7.1
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access
7.8
HIGH
CVE-2023-30997
>= 10.0.0.0 and <= 10.0.7.1
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access
7.8
HIGH
CVE-2023-38371
>= 10.0.0.0 and <= 10.0.7.1
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow a
5.9
MEDIUM
CVE-2021-20439
all versions
IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can
7.5
HIGH
CVE-2020-4499
>= 9.0.7.0 and < 9.0.7.2
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass
9.8
CRITICAL
CVE-2019-4552
>= 9.0.7.0 and < 9.0.7.2
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remot
6.1
MEDIUM
CVE-2020-4699
all versions
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing s
5.3
MEDIUM
CVE-2020-4661
all versions
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing s
5.3
MEDIUM
CVE-2020-4660
all versions
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing s
5.3
MEDIUM
CVE-2019-4725
>= 9.0.0.0 and < 9.0.7.0
IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrar
6.1
MEDIUM
CVE-2020-4461
>= 9.0 and < 9.0.7.1
IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims man
6.5
MEDIUM
CVE-2019-4707
all versions
IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML d
7.1
HIGH
CVE-2019-4036
all versions
IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy compo
7.5
HIGH
CVE-2019-4158
>= 9.0.1 and <= 9.0.6
IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of
5.4
MEDIUM
CVE-2019-4157
>= 9.0.1 and <= 9.0.6
IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed ar
6.1
MEDIUM
CVE-2019-4156
>= 9.0.1 and <= 9.0.6
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to
5.9
MEDIUM
CVE-2019-4153
>= 9.0.1 and <= 9.0.6
IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect
6.8
MEDIUM
CVE-2019-4152
>= 9.0.1 and <= 9.0.6
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session
4.4
MEDIUM
CVE-2019-4151
>= 9.0.1 and <= 9.0.6
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to
5.9
MEDIUM
CVE-2019-4150
>= 9.0.1 and <= 9.0.6
IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an at
3.7
LOW
CVE-2019-4145
>= 9.0.1 and <= 9.0.6
IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which coul
7.1
HIGH
CVE-2019-4135
>= 9.0.1 and <= 9.0.6
IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to im
8.8
HIGH
CVE-2018-1970
>= 7.0.1 and <= 7.0.1.10
IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remo
7.1
HIGH
CVE-2018-1887
>= 9.0.1.0 and <= 9.0.5.0
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a p
5.9
MEDIUM
CVE-2018-1886
>= 9.0.1.0 and <= 9.0.5.0
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthori
5.3
MEDIUM
CVE-2018-1815
>= 9.0.1.0 and <= 9.0.5.0
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 for Enterprise Single-Sign On is vulnerable
6.1
MEDIUM
CVE-2018-1814
>= 9.0.1.0 and <= 9.0.5.0
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algo
5.9
MEDIUM
CVE-2018-1813
>= 9.0.1.0 and <= 9.0.5.0
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input valid
4.3
MEDIUM
CVE-2018-1805
>= 9.0.1.0 and <= 9.0.5.0
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an error message that includes sen
4.3
MEDIUM
CVE-2018-1804
>= 9.0.1.0 and <= 9.0.5.0
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authori
3.7
LOW
CVE-2018-1803
>= 9.0.1.0 and <= 9.0.5.0
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the
6.1
MEDIUM
CVE-2018-1740
>= 9.0.1.0 and <= 9.0.5.0
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This
5.4
MEDIUM
CVE-2018-1653
>= 9.0.1.0 and <= 9.0.5.0
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This
5.4
MEDIUM
CVE-2018-1850
all versions
IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advance
8.8
HIGH
CVE-2018-1722
all versions
IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federa
10.0
CRITICAL
CVE-2017-1480
>= 9.0.0 and <= 9.0.3.1
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in
4.3
MEDIUM
CVE-2017-1476
>= 9.0.0 and <= 9.0.3.1
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obt
5.9
MEDIUM
CVE-2017-1474
>= 9.0.0 and <= 9.0.3.1
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to u
5.3
MEDIUM
CVE-2018-1443
>= 9.0.0 and <= 9.0.4
An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IB
5.9
MEDIUM
CVE-2017-1489
all versions
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO M
6.1
MEDIUM
CVE-2016-3045
all versions
IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if una
3.7
LOW
CVE-2016-3018
all versions
IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary Java
6.1
MEDIUM
CVE-2016-3028
all versions
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 a
9.1
CRITICAL
CVE-2016-3025
all versions
IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly r
8.1
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin