Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Security_verify_access
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 66 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-06-27 | CVE-2023-30430 | IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183. | Security_verify_access | 5.5 | ||
| 2024-06-27 | CVE-2024-31883 | IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615. | Security_verify_access | 5.9 | ||
| 2024-07-25 | CVE-2022-32759 | IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565. | Security_directory_integrator, Security_directory_server, Security_verify_access | 7.5 | ||
| 2024-07-25 | CVE-2024-28772 | IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645. | Security_directory_integrator, Security_directory_server, Security_verify_access | 5.4 | ||
| 2024-08-29 | CVE-2024-35133 | IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | Security_verify_access, Security_verify_access_docker | 8.2 | ||
| 2020-10-15 | CVE-2019-4552 | IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960. | Security_access_manager, Security_verify_access | 6.1 |