threat
engine
.sh
Back
·
··:··
Home
/
Product
/
ibm security access manager for web 8.0 firmware
Product
ibm security access manager for web 8.0 firmware
27 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2017-1459
all versions
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows
4.2
MEDIUM
CVE-2016-5919
all versions
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an
7.5
HIGH
CVE-2015-5013
all versions
The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authentic
5.5
MEDIUM
CVE-2016-3020
all versions
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused
5.5
MEDIUM
CVE-2016-3046
all versions
IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements
2.7
LOW
CVE-2016-3043
all versions
IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to proper
5.9
MEDIUM
CVE-2016-3029
all versions
IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious
8.8
HIGH
CVE-2016-3027
all versions
IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error w
6.5
MEDIUM
CVE-2016-3024
all versions
IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system.
4.0
MEDIUM
CVE-2016-3023
all versions
IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invali
5.3
MEDIUM
CVE-2016-3022
all versions
IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorr
6.5
MEDIUM
CVE-2016-3021
all versions
IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using
2.7
LOW
CVE-2016-3017
all versions
IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfiguration
7.5
HIGH
CVE-2016-3016
all versions
IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin a
4.4
MEDIUM
CVE-2016-2908
all versions
IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE
9.1
CRITICAL
CVE-2015-8531
all versions
Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1
6.1
MEDIUM
CVE-2015-5012
all versions
The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 be
7.5
HIGH
CVE-2015-5010
all versions
IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lock
7.5
HIGH
CVE-2015-5018
all versions
IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 I
8.0
HIGH
CVE-2015-1892
all versions
The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadverte
CVE-2014-6079
all versions
Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0
CVE-2014-4823
all versions
The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0
CVE-2014-4809
all versions
The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005,
CVE-2014-7169
all versions
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environme
9.8
CRITICAL
CVE-2014-6271
all versions
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows re
9.8
CRITICAL
CVE-2014-3053
all versions
The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 an
CVE-2014-3052
all versions
The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-n
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin