CVE-2017-1489

Summary

IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.

Affected Software

VendorProductVersion RangeStatus
IBMSecurity Access Manager for Web6.1affected
IBMSecurity Access Manager for Web6.1.1affected
IBMSecurity Access Manager for Web7.0affected
IBMSecurity Access Manager for Web8.0affected
IBMSecurity Access Manager for Web8.0.0.2affected
IBMSecurity Access Manager for Web8.0.0.3affected
IBMSecurity Access Manager for Web8.0.0.4affected
IBMSecurity Access Manager for Web8.0.0.5affected
IBMSecurity Access Manager for Web8.0.0.1affected
IBMSecurity Access Manager for Web8.0.1affected
IBMSecurity Access Manager for Web8.0.1.2affected
IBMSecurity Access Manager for Web8.0.1.3affected
IBMSecurity Access Manager for Web9.0affected
IBMSecurity Access Manager for Web9.0.0.1affected
IBMSecurity Access Manager for Web9.0.1affected
IBMSecurity Access Manager for Web8.0.1.4affected
IBMSecurity Access Manager for Web8.0.1.5affected
IBMSecurity Access Manager for Web9.0.2affected
IBMSecurity Access Manager for Web9.0.2.1affected
IBMSecurity Access Manager for Web9.0.3affected

Weaknesses

  • Gain Access

ADP Enrichment

CVE Program Container

Additional References

References