|
220691
|
6.1 |
MEDIUM
Network
|
ibm
|
security_access_manager
|
IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended func…
|
CWE-79
Cross-site Scripting
|
CVE-2019-4157
|
2024-11-21 13:43 |
2019-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220692
|
5.9 |
MEDIUM
Network
|
ibm
|
security_access_manager
|
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2019-4156
|
2024-11-21 13:43 |
2019-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220693
|
6.8 |
MEDIUM
Network
|
ibm
|
security_access_manager
|
IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site,…
|
CWE-601
Open Redirect
|
CVE-2019-4153
|
2024-11-21 13:43 |
2019-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220694
|
4.4 |
MEDIUM
Local
|
ibm
|
security_access_manager
|
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a clos…
|
CWE-384
Session Fixation
|
CVE-2019-4152
|
2024-11-21 13:43 |
2019-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220695
|
5.9 |
MEDIUM
Network
|
ibm
|
security_access_manager
|
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512.
|
CWE-326
Inadequate Encryption Strength
|
CVE-2019-4151
|
2024-11-21 13:43 |
2019-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220696
|
3.7 |
LOW
Network
|
ibm
|
security_access_manager
|
IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) …
|
CWE-295
Improper Certificate Validation
|
CVE-2019-4150
|
2024-11-21 13:43 |
2019-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220697
|
7.1 |
HIGH
Local
|
ibm
|
security_access_manager
|
IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 1584…
|
NVD-CWE-noinfo
|
CVE-2019-4145
|
2024-11-21 13:43 |
2019-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220698
|
8.8 |
HIGH
Network
|
ibm
|
security_access_manager
|
IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331.
|
NVD-CWE-noinfo
|
CVE-2019-4135
|
2024-11-21 13:43 |
2019-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220699
|
6.5 |
MEDIUM
Local
|
ibm
|
spectrum_protect_plus
|
IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-4385
|
2024-11-21 13:43 |
2019-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220700
|
4.3 |
MEDIUM
Network
|
ibm
|
campaign
|
IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view a…
|
CWE-22
Path Traversal
|
CVE-2019-4384
|
2024-11-21 13:43 |
2019-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
