IBM Security Access Manager for Enterprise Single Sign-On vulnerabilities

6 known vulnerabilities affecting ibm/security_access_manager_for_enterprise_single_sign-on.

Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2, LOW 2

Vulnerabilities

CVE-2019-4513 | HIGH | CVSS 8.2 | v8.2.2 | 2019-08-26
CVE-2019-4513 [HIGH] CWE-611: IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 164555.
Sources: cvelistv5, nvd
CVE-2017-1732 | MEDIUM | CVSS 5.3 | v8.2.2 | 2018-08-17
CVE-2017-1732 [MEDIUM] CWE-200: IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obta
Sources: cvelistv5, nvd
CVE-2015-0235 | CRITICAL | CVSS 10.0 | PoC | v8.2 | 2015-01-28
CVE-2015-0235 [CRITICAL] CWE-787: Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
Sources: nvd
CVE-2013-5420 | LOW | CVSS 3.5 | v8.2 | 2013-12-23
CVE-2013-5420 [LOW] CWE-264: The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request.
Sources: nvd
CVE-2013-5421 | MEDIUM | CVSS 4.3 | v8.2 | 2013-12-22
CVE-2013-5421 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote attackers to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form.
Sources: nvd
CVE-2013-6745 | LOW | CVSS 3.5 | v8.2 | 2013-12-22
CVE-2013-6745 [LOW] CWE-79: Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form.
Sources: nvd