Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Security_verify_access
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 57 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-01-10 | CVE-2021-38894 | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515. | Security_verify_access | 2.7 | ||
| 2022-01-10 | CVE-2021-38895 | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563. | Security_verify_access | 5.4 | ||
| 2022-01-10 | CVE-2021-38921 | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067. | Security_verify_access | 7.5 | ||
| 2022-01-10 | CVE-2021-38956 | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038 | Security_verify_access | 5.3 | ||
| 2022-01-10 | CVE-2021-38957 | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040. | Security_verify_access | 7.5 | ||
| 2021-07-15 | CVE-2021-20496 | IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966. | Security_verify_access | 4.9 | ||
| 2021-07-15 | CVE-2021-20497 | IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969 | Security_verify_access | 7.5 | ||
| 2021-07-15 | CVE-2021-20499 | IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973 | Security_verify_access | 2.7 | ||
| 2021-07-15 | CVE-2021-20510 | IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299 | Security_verify_access | 4.4 | ||
| 2021-07-15 | CVE-2021-20511 | IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300. | Security_verify_access | 4.9 |