Product:

Security_verify_access

(Ibm)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 57
Date Id Summary Products Score Patch Annotated
2024-08-29 CVE-2024-35133 IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. Security_verify_access, Security_verify_access_docker 8.2
2024-06-27 CVE-2023-30430 IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183. Security_verify_access 5.5
2024-06-27 CVE-2024-31883 IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615. Security_verify_access 5.9
2024-07-25 CVE-2022-32759 IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565. Security_directory_integrator, Security_directory_server, Security_verify_access 7.5
2024-07-25 CVE-2024-28772 IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645. Security_directory_integrator, Security_directory_server, Security_verify_access 5.4
2024-01-11 CVE-2023-38267 IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 260584. Security_verify_access, Security_verify_access_docker 5.5
2024-03-31 CVE-2024-25027 IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607. Security_verify_access 5.5
2024-02-07 CVE-2023-32328 IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957. Security_verify_access 9.8
2024-02-07 CVE-2023-32330 IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977. Security_verify_access 9.8
2024-02-07 CVE-2023-43017 IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155. Security_verify_access 7.2