7.8
CVE-2025-0161
- EPSS 0.01%
- Veröffentlicht 20.02.2025 16:15:36
- Zuletzt bearbeitet 08.08.2025 19:42:26
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Security Verify Access Appliance code injection
IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Security Verify Access Version >= 10.0.0 <= 10.0.0.9
Ibm ≫ Security Verify Access Version11.0.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.005 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@us.ibm.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.