Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Security_access_manager_for_enterprise_single_sign\-On
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 6 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-08-17 | CVE-2017-1732 | IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 134913. | Security_access_manager_for_enterprise_single_sign\-On | 5.3 | ||
| 2013-12-22 | CVE-2013-6745 | Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form. | Security_access_manager_for_enterprise_single_sign\-On | N/A | ||
| 2013-12-22 | CVE-2013-5421 | Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote attackers to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form. | Security_access_manager_for_enterprise_single_sign\-On | N/A | ||
| 2013-12-23 | CVE-2013-5420 | The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request. | Security_access_manager_for_enterprise_single_sign\-On | N/A |