Summary
| Detail | |||
|---|---|---|---|
| Vendor | Ibm | First view | 2015-11-08 |
| Product | Security Access Manager For Web | Last view | 2018-06-06 |
| Version | 7.0.0.4 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:ibm:security_access_manager_for_web | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.3 | 2018-06-06 | CVE-2017-1480 | IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617. |
| 5.9 | 2018-06-06 | CVE-2017-1476 | IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610. |
| 5.3 | 2018-06-06 | CVE-2017-1474 | IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606. |
| 7.5 | 2015-11-08 | CVE-2015-4963 | IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (2) | CWE-200 | Information Exposure |
| 25% (1) | CWE-532 | Information Leak Through Log Files |
| 25% (1) | CWE-17 | Code |
