Vulnerability CVE-2017-1489
Published: 2017-08-28   Modified: 2017-08-29

Description:
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.

Vendor: IBM
Product: Security access manager
Version:
9.0.3.0
9.0.2.1
9.0.2.0
9.0.1.0
9.0.0.1
9.0.0.0
Product: Security access manager for mobile
Version:
8.0.1.6
8.0.1.5
8.0.1.4
8.0.1.3
8.0.1.2
8.0.1.1
8.0.1.0
8.0.0.5
8.0.0.4
8.0.0.31
8.0.0.3
8.0.0.22
8.0.0.2
8.0.0.1
8.0.0.0
8.0
Product: Security access manager for web
Version:
8.0.1.6
8.0.1.5
8.0.1.4
8.0.1.3
8.0.1.2
8.0.1.1
8.0.1.0
8.0.0.5
8.0.0.4
8.0.0.31
8.0.0.3
8.0.0.22
8.0.0.2
8.0.0.1
8.0.0.0
8.0
Product: Security access manager for web appliance
Version:
7.0.0.9
7.0.0.8
7.0.0.7
7.0.0.6
7.0.0.5
7.0.0.4
7.0.0.30
7.0.0.3
7.0.0.29
7.0.0.28
7.0.0.27
7.0.0.26
7.0.0.25
7.0.0.24
7.0.0.23
7.0.0.22
7.0.0.21
7.0.0.20
7.0.0.2
7.0.0.19
7.0.0.18
7.0.0.17
7.0.0.16
7.0.0.15
7.0.0.14
7.0.0.13
7.0.0.12
7.0.0.11
7.0.0.10
7.0.0.1
7.0
Product: Security access manager for web software
Version:
7.0.0.9
7.0.0.8
7.0.0.7
7.0.0.6
7.0.0.5
7.0.0.4
7.0.0.30
7.0.0.3
7.0.0.29
7.0.0.28
7.0.0.27
7.0.0.26
7.0.0.25
7.0.0.24
7.0.0.23
7.0.0.22
7.0.0.21
7.0.0.20
7.0.0.2
7.0.0.19
7.0.0.18
7.0.0.17
7.0.0.16
7.0.0.15
7.0.0.14
7.0.0.13
7.0.0.12
7.0.0.11
7.0.0.10
7.0.0.1
7.0

CVSS2 vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score: 5.8/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

References:
http://www.ibm.com/support/docview.wss?uid=swg22006959
http://www.securityfocus.com/bid/100592
http://www.securitytracker.com/id/1039227
https://exchange.xforce.ibmcloud.com/vulnerabilities/128687

Related CVE
CVE-2019-4279
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.
CVE-2019-4119
IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145.
CVE-2019-4259
A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011.
CVE-2019-4204
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l...
CVE-2018-1990
IBM Cloud App Management V2018.2.0, V2018.4.0, and V2018.4.1 could allow an attacker to obtain sensitive configuration information using a specially crafted HTTP request. IBM X-Force ID: 154283.
CVE-2018-1790
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. I...
CVE-2019-4208
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. ...
CVE-2019-4207
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148.

Copyright 2019, cxsecurity.com