U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Security Access Management
  • Search Type: Search All
  • CPE Name Search: false
  • CPE Vendor: cpe:/:ibm
There are 15 matching records.
Displaying matches 1 through 15.
Vuln ID Summary CVSS Severity
CVE-2020-4779

A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156.

Published: October 12, 2020; 9:15:13 AM -0400
V3.1: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2015-5018

IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access.

Published: January 02, 2016; 12:59:03 AM -0500
V3.0: 8.0 HIGH
V2.0: 8.5 HIGH
CVE-2014-6079

Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Published: October 02, 2014; 9:55:07 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-3053

The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.

Published: June 21, 2014; 11:55:03 AM -0400
V3.x:(not available)
V2.0: 8.0 HIGH
CVE-2013-6333

Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6300, CVE-2013-6301, and CVE-2013-6320.

Published: March 05, 2014; 6:55:03 AM -0500
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2013-6331

SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6302.

Published: March 05, 2014; 6:55:03 AM -0500
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2013-6320

Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6300, CVE-2013-6301, and CVE-2013-6333.

Published: March 05, 2014; 6:55:03 AM -0500
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2013-6319

IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to bypass intended access restrictions and read content via unspecified vectors.

Published: March 05, 2014; 6:55:03 AM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2013-6318

Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: March 05, 2014; 6:55:03 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-6303

Directory traversal vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to read arbitrary files via unspecified vectors.

Published: March 05, 2014; 6:55:03 AM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2013-6302

SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6331.

Published: March 05, 2014; 6:55:03 AM -0500
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2013-6301

Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6300, CVE-2013-6320, and CVE-2013-6333.

Published: March 05, 2014; 6:55:03 AM -0500
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2013-6300

Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6301, CVE-2013-6320, and CVE-2013-6333.

Published: March 05, 2014; 6:55:03 AM -0500
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2013-6299

Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6300, CVE-2013-6301, CVE-2013-6320, and CVE-2013-6333.

Published: March 05, 2014; 6:55:03 AM -0500
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2013-5468

IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, does not encrypt login requests, which allows remote attackers to obtain sensitive information by sniffing the network.

Published: March 05, 2014; 6:55:02 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM