Ibm

Security Verify Access

81 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-28772

  • EPSS 0.19%
  • Published 25.07.2024 18:15:03
  • Last modified 21.11.2024 09:06:55

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended func...

7.5

CVE-2022-32759

  • EPSS 0.1%
  • Published 25.07.2024 18:15:02
  • Last modified 21.11.2024 07:06:54

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565.

5.9

CVE-2024-31883

  • EPSS 0.19%
  • Published 27.06.2024 16:15:11
  • Last modified 21.11.2024 09:14:05

IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615.

5.5

CVE-2023-30430

  • EPSS 0.03%
  • Published 27.06.2024 16:15:10
  • Last modified 21.11.2024 08:00:10

IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183.

5.5

CVE-2024-31874

  • EPSS 0.02%
  • Published 10.04.2024 16:15:15
  • Last modified 28.01.2025 17:31:15

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318.

7.5

CVE-2024-31873

  • EPSS 0.06%
  • Published 10.04.2024 16:15:15
  • Last modified 28.01.2025 21:13:10

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317.

8.1

CVE-2024-31872

  • EPSS 0.07%
  • Published 10.04.2024 16:15:15
  • Last modified 28.01.2025 21:11:32

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316.

8.1

CVE-2024-31871

  • EPSS 0.07%
  • Published 10.04.2024 16:15:15
  • Last modified 28.01.2025 21:08:28

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306.

10

CVE-2024-28787

  • EPSS 0.11%
  • Published 04.04.2024 18:15:14
  • Last modified 14.08.2025 18:54:13

IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-...

5.5

CVE-2024-25027

  • EPSS 0.02%
  • Published 31.03.2024 12:15:50
  • Last modified 21.11.2024 09:00:08

IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607.