Ibm

Security Verify Access

82 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.2

CVE-2024-35133

  • EPSS 1.58%
  • Veröffentlicht 29.08.2024 17:15:07
  • Zuletzt bearbeitet 21.09.2024 10:15:05

IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker cou...

5.4

CVE-2024-28772

  • EPSS 0.26%
  • Veröffentlicht 25.07.2024 18:15:03
  • Zuletzt bearbeitet 21.11.2024 09:06:55

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended func...

7.5

CVE-2022-32759

  • EPSS 0.14%
  • Veröffentlicht 25.07.2024 18:15:02
  • Zuletzt bearbeitet 21.11.2024 07:06:54

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565.

5.9

CVE-2024-31883

  • EPSS 0.19%
  • Veröffentlicht 27.06.2024 16:15:11
  • Zuletzt bearbeitet 21.11.2024 09:14:05

IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615.

5.5

CVE-2023-30430

  • EPSS 0.04%
  • Veröffentlicht 27.06.2024 16:15:10
  • Zuletzt bearbeitet 21.11.2024 08:00:10

IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183.

8.1

CVE-2024-31871

  • EPSS 0.09%
  • Veröffentlicht 10.04.2024 16:15:15
  • Zuletzt bearbeitet 03.11.2025 22:16:51

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306.

8.1

CVE-2024-31872

  • EPSS 0.09%
  • Veröffentlicht 10.04.2024 16:15:15
  • Zuletzt bearbeitet 03.11.2025 22:16:51

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316.

7.5

CVE-2024-31873

  • EPSS 0.08%
  • Veröffentlicht 10.04.2024 16:15:15
  • Zuletzt bearbeitet 03.11.2025 22:16:52

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317.

5.5

CVE-2024-31874

  • EPSS 0.02%
  • Veröffentlicht 10.04.2024 16:15:15
  • Zuletzt bearbeitet 03.11.2025 22:16:52

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318.

10

CVE-2024-28787

  • EPSS 0.11%
  • Veröffentlicht 04.04.2024 18:15:14
  • Zuletzt bearbeitet 14.08.2025 18:54:13

IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-...