CVSS3: 9.8 High
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS2: 7.5 High
Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS: 0.654 Medium
Percentile: 97.9%
IBM Security Verify Governance is vulnerable to remote attacks that could execute arbitrary code on the system [CVE-2013-4521]. IBM Security Verify Governance is vulnerable to remote attacks caused by an error related to the handling of deserialization [CVE-2013-2165]. IBM Security Verify Governance is vulnerable to remote attacks caused by an Expression Language (EL) injection flaw using the UserResource resource [CVE-2018-14667].
CVEID: CVE-2013-4521
**DESCRIPTION:** Nuxeo Platform could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the classes for which deserialization methods can be called. A remote attacker could exploit this vulnerability using specially crafted serialized data to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177062 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2013-2165
**DESCRIPTION:** JBoss RichFaces could allow a remote attacker to execute arbitrary code on the system, caused by an error related to the handling of deserialization. An attacker could exploit this vulnerability to trigger the execution of the deserialization methods in any serializable class and execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/85630 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVEID: CVE-2018-14667
**DESCRIPTION:** Red Hat JBoss could allow a remote attacker to execute arbitrary code on the system, caused by an Expression Language (EL) injection flaw using the UserResource resource. By sending a specially crafted Java serialized object org.ajax4jsf.resource.UserResource$UriData expression, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/152665 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
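The descriptions of CVE-2013-4521 and CVE-2013-2165 name the same root cause: deserialization methods can be reached for classes the application never meant to accept. The following is an added illustration, not code from IBM, Nuxeo or RichFaces and not the vendor fix; it assumes Java 9 or later and uses the JDK's `java.io.ObjectInputFilter` with two constructed classes, `Ticket` and `Unexpected`, to show an allow-list rejecting a class before its `readObject` method runs.

```java
import java.io.*;

public class AllowListDemo {
    // Constructed sample type: the only class this (hypothetical) endpoint expects.
    static class Ticket implements Serializable {
        private static final long serialVersionUID = 1L;
        final String user; final int id;
        Ticket(String user, int id) { this.user = user; this.id = id; }
    }

    // Constructed sample type: stands in for any other serializable class on the classpath.
    static class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
        static boolean readObjectRan = false;
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            readObjectRan = true; // side effect of a deserialization method
        }
    }

    // Allow exactly one class, bound the graph size, reject everything else ("!*").
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=3;maxrefs=50;maxbytes=4096;AllowListDemo$Ticket;!*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(FILTER); // must be set before the first readObject()
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Ticket t = (Ticket) readFiltered(serialize(new Ticket("alice", 7)));
        System.out.println("accepted: " + t.user + "/" + t.id);
        try {
            readFiltered(serialize(new Unexpected()));
        } catch (InvalidClassException e) {
            // The filter rejects the class descriptor before the object is instantiated.
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("readObject ran: " + Unexpected.readObjectRan);
    }
}
```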
Affected Product(s) | Version(s) |
---|---|
IBM Security Verify Governance | 10.0 |
IBM encourages customers to upgrade their systems promptly.
Affected Product(s) | Version(s) | First Fix |
---|---|---|
IBM Security Verify Governance | 10.0.1 | None |
CPE
Name | Operator | Version |
---|---|---|
ibm security verify governance | eq | 10.0 |