CVE-2021-20533

CVE-2021-20533 affects IBM Security Verify Access Docker 10.0.0 and describes a command-injection vulnerability that could allow a remote authenticated attacker to execute arbitrary commands by sending a specially crafted request. The IBM Security bulletin confirms this family of issues and lists...

CVE-2021-20533

IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813...

CVE-2021-20524

IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661...

CVE-2021-20524

CVE-2021-20524 affects IBM Security Verify Access Docker 10.0.0, vulnerable to cross-site scripting in the Web UI, potentially enabling credential disclosure within a trusted session. Root cause is cross-site scripting on the Docker container UI. Remediation: upgrade to the patched container vers...

CVE-2021-20523

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660...

CVE-2021-20523

Affected software: IBM Security Verify Access Docker container (version 10.0.0). Vulnerability: Remote attacker can obtain sensitive information due to a detailed technical error message returned in the browser, enabling information disclosure that could aid further attacks. Underlying cause is i...

CVE-2021-20511

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 198300...

CVE-2021-20511

CVE-2021-20511 affects IBM Security Verify Access Docker 10.0.0. A path traversal flaw allows a remote attacker to view arbitrary files by sending a crafted URL containing ../ sequences, effectively exposing system files. The IBM security bulletin confirms the vulnerability and provides a remedia...

CVE-2021-20510

The CVE-2021-20510 issue affects IBM Security Verify Access Docker 10.0.0, where user credentials are stored in plain clear text, allowing read access by a local user. Root cause: plaintext credential storage within the Docker container. Impact: local attacker could obtain credentials, enabling f...

CVE-2021-20510

IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299...

CVE-2021-20500

CVE-2021-20500 affects IBM Security Verify Access Docker 10.0.0, with an information-disclosure flaw that could reveal highly sensitive data to a local privileged user. The issue is confirmed in IBM’s vulnerability bulletin and related sources, which also lists a remediation: upgrade to the patch...

CVE-2021-20500

IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980...

CVE-2021-20499

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973...

CVE-2021-20499

Affected product: IBM Security Verify Access Docker 10.0.0. Vulnerability type / impact: remote information disclosure where detailed technical error messages returned in the browser expose sensitive information. This could be leveraged in further attacks against the system. Root cause (as descri...

CVE-2021-20498

IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972...

CVE-2021-20498

CVE-2021-20498 affects IBM Security Verify Access Docker 10.0.0. The vuln disclosure is that a detailed technical error message in HTTP responses can reveal version information and other sensitive data, potentially aiding further attacks. IBM’s advisory for the Docker container lists a remediatio...

CVE-2021-20497

IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969...

CVE-2021-20497

CVE-2021-20497 affects IBM Security Verify Access Docker 10.0.0, where the product uses weaker-than-expected cryptographic algorithms allowing an attacker to decrypt highly sensitive information. Connected IBM advisories confirm the affected container and provide remediation: upgrade to IBM Secur...

CVE-2021-20496

IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966...

CVE-2021-20496

CVE-2021-20496 affects IBM Security Verify Access Docker 10.0.0, where an authenticated user could bypass input due to improper input validation. Root cause: input validation flaw in the container. Impact (as stated): bypass of input checks with no denial of service or remote code execution expli...