Ibm Tivoli Access Manager For E-Business vulnerabilities

CVE-2017-1489 [MEDIUM] CWE-601 CVE-2017-1489: IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a r IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.

CVE-2011-0494 [MEDIUM] CVE-2011-0494: Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 5.1 before Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 5.1 before 5.1.0.39-TIV-AWS-IF0040, 6.0 before 6.0.0.25-TIV-AWS-IF0026, 6.1.0 before 6.1.0.5-TIV-AWS-IF0006, and 6.1.1 before 6.1.1-TIV-AWS-FP0001 has unspecified impact and attack vectors. NOTE: this might overlap CVE-2010-4622.

CVE-2010-4622 [MEDIUM] CWE-22 CVE-2010-4622: Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 befor Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.

CVE-2010-4623 [MEDIUM] CWE-399 CVE-2010-4623: WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 allows remote WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 allows remote authenticated users to cause a denial of service (worker thread consumption) via shift-reload actions.

CVE-2010-4120 [MEDIUM] CWE-79 CVE-2010-4120: Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop,

CVE-2008-5257 [MEDIUM] CWE-20 CVE-2008-5257: webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for e-business allows remote attackers to webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for e-business allows remote attackers to cause a denial of service (crash or hang) via HTTP requests, as demonstrated by a McAfee vulnerability scan.

CVE-2006-0513 [MEDIUM] CVE-2006-0513: Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Acce Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.

CVE-2004-2558 [HIGH] CVE-2004-2558: Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attacker