threat
engine
.sh
Back
·
··:··
Home
/
Product
/
ibm security access manager 9.0 firmware
Product
ibm security access manager 9.0 firmware
25 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2017-1478
all versions
IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system.
3.3
LOW
CVE-2017-1533
all versions
IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitr
6.1
MEDIUM
CVE-2017-1459
all versions
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows
4.2
MEDIUM
CVE-2017-1477
all versions
IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data
8.1
HIGH
CVE-2017-1453
all versions
IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the syste
8.8
HIGH
CVE-2016-3051
all versions
IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server.
4.3
MEDIUM
CVE-2016-3019
all versions
IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decry
6.5
MEDIUM
CVE-2016-5919
all versions
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an
7.5
HIGH
CVE-2015-5013
all versions
The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authentic
5.5
MEDIUM
CVE-2016-3020
all versions
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused
5.5
MEDIUM
CVE-2016-3046
all versions
IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements
2.7
LOW
CVE-2016-3043
all versions
IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to proper
5.9
MEDIUM
CVE-2016-3029
all versions
IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious
8.8
HIGH
CVE-2016-3027
all versions
IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error w
6.5
MEDIUM
CVE-2016-3024
all versions
IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system.
4.0
MEDIUM
CVE-2016-3023
all versions
IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invali
5.3
MEDIUM
CVE-2016-3022
all versions
IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorr
6.5
MEDIUM
CVE-2016-3021
all versions
IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using
2.7
LOW
CVE-2016-3017
all versions
IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfiguration
7.5
HIGH
CVE-2016-3016
all versions
IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin a
4.4
MEDIUM
CVE-2016-2908
all versions
IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE
9.1
CRITICAL
CVE-2015-8531
all versions
Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1
6.1
MEDIUM
CVE-2015-5012
all versions
The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 be
7.5
HIGH
CVE-2015-5010
all versions
IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lock
7.5
HIGH
CVE-2015-5018
all versions
IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 I
8.0
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin