Ibm

Security Verify Access

81 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2022-22311

  • EPSS 0.17%
  • Veröffentlicht 31.03.2022 18:15:09
  • Zuletzt bearbeitet 21.11.2024 06:46:37

IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validiation of JWT tokens.

9.8

CVE-2021-39070

  • EPSS 0.67%
  • Veröffentlicht 02.02.2022 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:18:32

IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353.

7.5

CVE-2021-38957

  • EPSS 0.21%
  • Veröffentlicht 10.01.2022 14:10:20
  • Zuletzt bearbeitet 21.11.2024 06:18:17

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040.

5.3

CVE-2021-38956

  • EPSS 0.14%
  • Veröffentlicht 10.01.2022 14:10:20
  • Zuletzt bearbeitet 21.11.2024 06:18:17

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038

7.5

CVE-2021-38921

  • EPSS 0.1%
  • Veröffentlicht 10.01.2022 14:10:20
  • Zuletzt bearbeitet 21.11.2024 06:18:12

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067.

5.4

CVE-2021-38895

  • EPSS 0.35%
  • Veröffentlicht 10.01.2022 14:10:20
  • Zuletzt bearbeitet 21.11.2024 06:18:10

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis...

4

CVE-2021-38894

  • EPSS 0.09%
  • Veröffentlicht 10.01.2022 14:10:20
  • Zuletzt bearbeitet 21.11.2024 06:18:09

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system....

4.9

CVE-2021-20534

  • EPSS 0.08%
  • Veröffentlicht 15.07.2021 18:15:09
  • Zuletzt bearbeitet 21.11.2024 05:46:44

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spo...

7.2

CVE-2021-20533

  • EPSS 0.37%
  • Veröffentlicht 15.07.2021 18:15:09
  • Zuletzt bearbeitet 21.11.2024 05:46:43

IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813

6.5

CVE-2021-20537

  • EPSS 0.07%
  • Veröffentlicht 15.07.2021 18:15:09
  • Zuletzt bearbeitet 21.11.2024 05:46:44

IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-...