Ibm

Security Verify Access

81 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2024-40700

  • EPSS 0.15%
  • Published 04.02.2025 21:15:26
  • Last modified 05.08.2025 13:54:50

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended function...

7.5

CVE-2024-43187

  • EPSS 0.03%
  • Published 04.02.2025 21:15:26
  • Last modified 05.08.2025 14:07:24

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

5.3

CVE-2024-45658

  • EPSS 0.06%
  • Published 04.02.2025 21:15:26
  • Last modified 08.08.2025 17:12:36

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the ...

5.3

CVE-2024-45659

  • EPSS 0.06%
  • Published 04.02.2025 18:15:34
  • Last modified 05.08.2025 13:51:02

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the ...

9.8

CVE-2024-45647

  • EPSS 0.06%
  • Published 20.01.2025 15:15:07
  • Last modified 29.01.2025 21:11:50

IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password.

9.8

CVE-2024-49806

  • EPSS 0.11%
  • Published 29.11.2024 17:15:08
  • Last modified 29.01.2025 21:25:06

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of i...

9.8

CVE-2024-49805

  • EPSS 0.11%
  • Published 29.11.2024 17:15:08
  • Last modified 29.01.2025 21:24:36

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of i...

7.8

CVE-2024-49804

  • EPSS 0.02%
  • Published 29.11.2024 17:15:08
  • Last modified 29.01.2025 21:24:00

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks.

8.8

CVE-2024-49803

  • EPSS 0.23%
  • Published 29.11.2024 17:15:08
  • Last modified 29.01.2025 21:23:51

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

8.2

CVE-2024-35133

  • EPSS 1.73%
  • Published 29.08.2024 17:15:07
  • Last modified 21.09.2024 10:15:05

IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker cou...