Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Security_verify_access
(Ibm)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 57 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-08-29 | CVE-2024-35133 | IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | Security_verify_access, Security_verify_access_docker | 8.2 | ||
2024-06-27 | CVE-2023-30430 | IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183. | Security_verify_access | 5.5 | ||
2024-06-27 | CVE-2024-31883 | IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615. | Security_verify_access | 5.9 | ||
2024-07-25 | CVE-2022-32759 | IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565. | Security_directory_integrator, Security_directory_server, Security_verify_access | 7.5 | ||
2024-07-25 | CVE-2024-28772 | IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645. | Security_directory_integrator, Security_directory_server, Security_verify_access | 5.4 | ||
2024-01-11 | CVE-2023-38267 | IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 260584. | Security_verify_access, Security_verify_access_docker | 5.5 | ||
2024-03-31 | CVE-2024-25027 | IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607. | Security_verify_access | 5.5 | ||
2024-02-07 | CVE-2023-32328 | IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957. | Security_verify_access | 9.8 | ||
2024-02-07 | CVE-2023-32330 | IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977. | Security_verify_access | 9.8 | ||
2024-02-07 | CVE-2023-43017 | IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155. | Security_verify_access | 7.2 |