Ibm

Security Verify Information Queue

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-35284

  • EPSS 0.3%
  • Veröffentlicht 25.07.2022 18:23:11
  • Zuletzt bearbeitet 21.11.2024 07:11:02

IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811.

6.5

CVE-2022-35283

  • EPSS 0.63%
  • Veröffentlicht 14.07.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 07:11:02

IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request.

7.5

CVE-2021-20412

  • EPSS 0.07%
  • Veröffentlicht 12.02.2021 17:15:14
  • Zuletzt bearbeitet 21.11.2024 05:46:32

IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal...

8.1

CVE-2021-20411

  • EPSS 0.09%
  • Veröffentlicht 12.02.2021 17:15:14
  • Zuletzt bearbeitet 21.11.2024 05:46:32

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. IBM X-Force ID: 198191.

5.3

CVE-2021-20410

  • EPSS 0.12%
  • Veröffentlicht 12.02.2021 17:15:14
  • Zuletzt bearbeitet 21.11.2024 05:46:32

IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190.

7.5

CVE-2021-20409

  • EPSS 0.07%
  • Veröffentlicht 12.02.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:32

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensi...

5.5

CVE-2021-20408

  • EPSS 0.02%
  • Veröffentlicht 12.02.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:32

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187.

7.5

CVE-2021-20407

  • EPSS 0.08%
  • Veröffentlicht 12.02.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:32

IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 196185.

4.9

CVE-2021-20406

  • EPSS 0.09%
  • Veröffentlicht 12.02.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:32

IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196184.

4

CVE-2021-20402

  • EPSS 0.1%
  • Veröffentlicht 11.02.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:31

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the syst...