CVEDB API

Vulnerabilities

Vulnerable Software

Ibm: >> Tivoli Access Manager For E-Business Security Vulnerabilities

CVE-2017-1489

IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.

CVSS Score

6.1

EPSS Score

0.002

Published

2017-08-29

CVE-2011-0494

Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 5.1 before 5.1.0.39-TIV-AWS-IF0040, 6.0 before 6.0.0.25-TIV-AWS-IF0026, 6.1.0 before 6.1.0.5-TIV-AWS-IF0006, and 6.1.1 before 6.1.1-TIV-AWS-FP0001 has unspecified impact and attack vectors. NOTE: this might overlap CVE-2010-4622.

CVSS Score

5.0

EPSS Score

0.002

Published

2011-01-19

CVE-2010-4622

Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.

CVSS Score

5.0

EPSS Score

0.004

Published

2010-12-30

CVE-2010-4623

WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 allows remote authenticated users to cause a denial of service (worker thread consumption) via shift-reload actions.

CVSS Score

4.0

EPSS Score

0.004

Published

2010-12-30

CVE-2010-4120

Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.

CVSS Score

4.3

EPSS Score

0.024

Published

2010-10-28

CVE-2010-0311

Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors.

CVSS Score

6.8

EPSS Score

0.013

Published

2010-01-14

CVE-2008-5257

webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for e-business allows remote attackers to cause a denial of service (crash or hang) via HTTP requests, as demonstrated by a McAfee vulnerability scan.

CVSS Score

4.3

EPSS Score

0.008

Published

2008-11-27

CVE-2006-0513

Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.

CVSS Score

5.0

EPSS Score

0.123

Published

2006-02-06

CVE-2004-2558

Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka "Potential Credential Impersonation Attack."

CVSS Score

7.5

EPSS Score

0.008

Published

2004-12-31

Page 1

Vulnerabilities

Vulnerable Software

Ibm: >> Tivoli Access Manager For E-Business Security Vulnerabilities

Products

Pricing

Contact Us