IBM » Security Access Manager For Web 8.0 Firmware : Security Vulnerabilities, CVEs, Published In 2017 (Information Leak)
IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
Max CVSS
5.9
EPSS Score
0.14%
Published
2017-02-01
Updated
2020-10-27
IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system.
Max CVSS
4.0
EPSS Score
0.07%
Published
2017-02-01
Updated
2020-10-27
IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names.
Max CVSS
5.3
EPSS Score
0.09%
Published
2017-02-01
Updated
2020-10-27
IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request.
Max CVSS
4.0
EPSS Score
0.05%
Published
2017-02-01
Updated
2020-10-27
4 vulnerabilities found