9.8

CVE-2023-32330

IBM Security Verify Access man in the middle

IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server.  IBM X-Force ID:  254977.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmSecurity Verify Access Version >= 10.0.0.0 <= 10.0.6.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.86% 0.537
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@us.ibm.com 7.5 1.6 5.9
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://www.ibm.com/support/pages/node/7106586
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/254977
VDB Entry
http://seclists.org/fulldisclosure/2024/Nov/0