cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-38370,https://securityvulnerability.io/vulnerability/CVE-2023-38370,IBM Security Access Manager Vulnerability Allows Malicious Package Installation,"The vulnerability presents a significant risk within IBM Security Access Manager Docker across multiple versions. Under specific configurations, it allows unauthorized users on the network to potentially install malicious packages, leading to a compromise of the system's security and integrity. This vulnerability underscores the critical importance of secure configuration management in preventing unauthorized access and ensuring the safety of sensitive data within organizational networks.",IBM,Security Access Manager Docker,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-06-27T18:27:20.082Z,0
CVE-2023-38368,https://securityvulnerability.io/vulnerability/CVE-2023-38368,IBM Security Access Manager Vulnerability Could Leak Sensitive Information,"IBM Security Access Manager, particularly versions 10.0.0.0 through 10.0.7.1, is susceptible to vulnerabilities that expose sensitive information to local users. This flaw arises from inadequate permission controls, potentially allowing unauthorized access to critical data within the system. Organizations utilizing these versions should review their security measures and apply necessary updates to mitigate risks associated with this vulnerability.",IBM,Security Access Manager Docker,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-27T18:25:39.896Z,0
CVE-2023-30997,https://securityvulnerability.io/vulnerability/CVE-2023-30997,IBM Security Access Manager Vulnerability Allows Root Access,"A vulnerability in IBM Security Access Manager Docker versions 10.0.0.0 to 10.0.7.1 may allow a local user to gain unauthorized root access due to improperly configured access controls. This issue can expose sensitive data and compromise system integrity, necessitating immediate attention from administrators to mitigate potential risks associated with this vulnerability.",IBM,Security Access Manager Docker,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-27T18:21:12.373Z,0
CVE-2023-30998,https://securityvulnerability.io/vulnerability/CVE-2023-30998,IBM Security Access Manager Vulnerability Allows Root Access,"The vulnerability in IBM Security Access Manager Docker allows a local user to bypass security measures due to improper access controls. The flaw affects versions from 10.0.0.0 to 10.0.7.1, enabling unauthorized individuals to gain root access, compromising the security and integrity of the affected system. This vulnerability is documented under IBM X-Force ID 254649, highlighting the significance of addressing it to maintain robust security practices.",IBM,Security Access Manager Docker,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-27T18:18:22.101Z,0
CVE-2023-38371,https://securityvulnerability.io/vulnerability/CVE-2023-38371,Weaker Cryptographic Algorithms in IBM Security Access Manager Docker Releases Could Lead to Information Decryption,"IBM Security Access Manager Docker versions 10.0.0.0 through 10.0.7.1 exhibit vulnerabilities due to the implementation of cryptographic algorithms that do not meet expected security standards. This weakness may allow attackers to decrypt highly sensitive information, posing significant risks to data confidentiality. Organizations utilizing these affected versions should review their security configurations and consider updates or mitigations to safeguard sensitive data against potential unauthorized access.",IBM,Security Access Manager Docker,7.5,HIGH,0.0007600000244565308,false,,false,false,false,,,false,false,,2024-06-27T18:14:20.985Z,0
CVE-2021-20439,https://securityvulnerability.io/vulnerability/CVE-2021-20439,,IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.,IBM,"Security Verify Access Docker,Security Access Manager",7.5,HIGH,0.0010100000072270632,false,,false,false,false,,,false,false,,2021-07-15T16:15:00.000Z,0
CVE-2019-4552,https://securityvulnerability.io/vulnerability/CVE-2019-4552,,"IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960.",IBM,"Security Verify Access,Security Access Manager",6.1,MEDIUM,0.0009399999980814755,false,,false,false,false,,,false,false,,2020-10-15T13:15:00.000Z,0
CVE-2020-4499,https://securityvulnerability.io/vulnerability/CVE-2020-4499,,IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.,IBM,"Security Verify Access,Security Access Manager",7.3,HIGH,0.0020099999383091927,false,,false,false,false,,,false,false,,2020-10-15T13:15:00.000Z,0
CVE-2020-4395,https://securityvulnerability.io/vulnerability/CVE-2020-4395,,IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358.,IBM,Security Access Manager Appliance,6.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-10-14T17:15:00.000Z,0
CVE-2020-4660,https://securityvulnerability.io/vulnerability/CVE-2020-4660,,IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140.,IBM,"Security Access Manager,Security Verify Access",5.3,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2020-10-12T13:15:00.000Z,0
CVE-2020-4699,https://securityvulnerability.io/vulnerability/CVE-2020-4699,,IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947.,IBM,"Security Access Manager,Security Verify Access",5.3,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2020-10-12T13:15:00.000Z,0
CVE-2020-4661,https://securityvulnerability.io/vulnerability/CVE-2020-4661,,IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142.,IBM,"Security Access Manager,Security Verify Access",5.3,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2020-10-12T13:15:00.000Z,0
CVE-2019-4725,https://securityvulnerability.io/vulnerability/CVE-2019-4725,,IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131.,IBM,Security Access Manager Appliance,6.1,MEDIUM,0.000699999975040555,false,,false,false,false,,,false,false,,2020-10-06T16:15:00.000Z,0
CVE-2020-4461,https://securityvulnerability.io/vulnerability/CVE-2020-4461,,IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481.,IBM,Security Access Manager Appliance,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-05-20T13:15:00.000Z,0
CVE-2019-4707,https://securityvulnerability.io/vulnerability/CVE-2019-4707,,IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018.,IBM,Security Access Manager Appliance,7.1,HIGH,0.0011599999852478504,false,,false,false,false,,,false,false,,2020-01-28T19:15:00.000Z,0
CVE-2019-4036,https://securityvulnerability.io/vulnerability/CVE-2019-4036,,IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.,IBM,Security Access Manager,7.5,HIGH,0.0008399999933317304,false,,false,false,false,,,false,false,,2019-10-25T17:15:00.000Z,0
CVE-2019-4513,https://securityvulnerability.io/vulnerability/CVE-2019-4513,,IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 164555.,IBM,Security Access Manager For Enterprise Single Sign-on,8.2,HIGH,0.001610000035725534,false,,false,false,false,,,false,false,,2019-08-26T15:15:00.000Z,0
CVE-2019-4135,https://securityvulnerability.io/vulnerability/CVE-2019-4135,,IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331.,IBM,Security Access Manager,7.5,HIGH,0.0009200000204145908,false,,false,false,false,,,false,false,,2019-06-25T16:15:00.000Z,0
CVE-2019-4158,https://securityvulnerability.io/vulnerability/CVE-2019-4158,,IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.,IBM,Security Access Manager,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2019-06-25T16:15:00.000Z,0
CVE-2019-4152,https://securityvulnerability.io/vulnerability/CVE-2019-4152,,IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.,IBM,Security Access Manager,5.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-06-25T16:15:00.000Z,0
CVE-2019-4151,https://securityvulnerability.io/vulnerability/CVE-2019-4151,,IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512.,IBM,Security Access Manager,5.9,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2019-06-25T16:15:00.000Z,0
CVE-2019-4145,https://securityvulnerability.io/vulnerability/CVE-2019-4145,,IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400.,IBM,Security Access Manager,7.7,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-06-25T16:15:00.000Z,0
CVE-2019-4156,https://securityvulnerability.io/vulnerability/CVE-2019-4156,,IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572.,IBM,Security Access Manager,5.9,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2019-06-25T16:15:00.000Z,0
CVE-2019-4157,https://securityvulnerability.io/vulnerability/CVE-2019-4157,,IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573.,IBM,Security Access Manager,6.1,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2019-06-25T16:15:00.000Z,0
CVE-2019-4153,https://securityvulnerability.io/vulnerability/CVE-2019-4153,,"IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517.",IBM,Security Access Manager,6.8,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2019-06-25T16:15:00.000Z,0