Security_verify_access - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Security_verify_access
(Ibm)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	57

Date	Id	Summary	Products	Score	Patch	Annotated
2024-08-29	CVE-2024-35133	IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.	Security_verify_access, Security_verify_access_docker	8.2
2024-06-27	CVE-2023-30430	IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183.	Security_verify_access	5.5
2024-06-27	CVE-2024-31883	IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615.	Security_verify_access	5.9
2024-07-25	CVE-2022-32759	IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565.	Security_directory_integrator, Security_directory_server, Security_verify_access	7.5
2024-07-25	CVE-2024-28772	IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645.	Security_directory_integrator, Security_directory_server, Security_verify_access	5.4
2024-01-11	CVE-2023-38267	IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 260584.	Security_verify_access, Security_verify_access_docker	5.5
2024-03-31	CVE-2024-25027	IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607.	Security_verify_access	5.5
2024-02-07	CVE-2023-32328	IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957.	Security_verify_access	9.8
2024-02-07	CVE-2023-32330	IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977.	Security_verify_access	9.8
2024-02-07	CVE-2023-43017	IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155.	Security_verify_access	7.2