Ibm Security Access Manager For Mobile Appliance vulnerabilities

CVE-2014-4823 [CRITICAL] CWE-78 CVE-2014-4823: The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 an The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors.

CVE-2014-6079 [MEDIUM] CWE-79 CVE-2014-6079: Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Ma Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-3073 [CRITICAL] CVE-2014-3073: Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Acce Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors.

CVE-2014-3053 [HIGH] CWE-287 CVE-2014-3053: The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmw The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.