CVE-2021-20405
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183...
CVE-2021-20405
CVE-2021-20405 affects IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7. The root cause is improper encoding of output in web error/message handling, which could allow a user to perform unauthorized activities or disclose information via improperly encoded responses. IBM’s bu...
CVE-2021-20404
CVE-2021-20404 affects IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7. The root cause is insufficient protection of session cookies, allowing modification that can cause login failures and a denial of service. The IBM advisory notes that starting with v10.0.0 the safeguards...
CVE-2021-20403
IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
CVE-2021-20403
The connected documents confirm a CSRF vulnerability in IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7, allowing an attacker to perform malicious/unauthorized actions on behalf of a trusted user. The IBM bulletin notes older browser support affects CSRF protections (SameSit...
CVE-2021-20404
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a denial of service due to an invalid cookie value that could prevent future logins. IBM X-Force ID: 196078...
CVE-2021-20402
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196076...
CVE-2021-20402
The CVE-2021-20402 issue affects IBM Security Verify Information Queue versions 1.0.6 and 1.0.7. The vulnerability is an information-disclosure risk where a remote attacker can obtain sensitive data from detailed error messages returned in browsers, potentially enabling further attacks. Affected ...
IBM Security Verify Information Queue Security Vulnerability
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. IBM Security Verify Information Queue suffers from a user credentials plaintext delivery vulnerability. An attacker...
IBM Security Verify Information Queue Security Vulnerability
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. A session fixation vulnerability exists in IBM Security Verify Information Queue. The vulnerability stems from incorre...
IBM Security Verify Information Queue Trust Management Issue Vulnerability
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. A hard-coded credentials vulnerability exists in IBM Security Verify Information Queue. An attacker could exploit the...
IBM Security Verify Information Queue Security Vulnerability
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. An information disclosure vulnerability exists in IBM Security Verify Information Queue. The vulnerability stems from...
IBM Security Verify Information Queue Information Disclosure Vulnerability
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. An information disclosure vulnerability exists in IBM Security Verify Information Queue. The vulnerability stems from ...
IBM Security Verify Information Queue Cryptographic Issue Vulnerability
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. A weak cryptographic algorithm vulnerability exists in IBM Security Verify Information Queue. An attacker could exploi...
IBM Security Verify Information Queue Information Disclosure Vulnerability
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. An information disclosure vulnerability exists in IBM Security Verify Information Queue. An attacker could exploit thi...
Security Bulletin: IBM Security Verify Information Queue does not properly encode error messages sent to web users (CVE-2021-20405)
Summary: When an error occurs while using the IBM Security Verify Information Queue (ISIQ) web application, the status messages sent back to the user are not properly encoded. This could lead to information disclosure, which could then be leveraged in a phishing attack. As of v10.0.0, the ISIQ web...
Security Bulletin: IBM Security Verify Information Queue still supports older browsers that don't enforce CSRF token protections (CVE-2021-20403)
Summary: The IBM Security Verify Information Queue (ISIQ) web application protects against cross-site request forgery (CSRF) attacks by using the SameSite cookie attribute. However, ISIQ's web browser requirements are not current enough to ensure that this cookie attribute gets consistently used. As o...
Security Bulletin: IBM Security Verify Information Queue does not sufficiently protect its session cookies (CVE-2021-20404)
Summary: IBM Security Verify Information Queue (ISIQ) does not sufficiently protect its session cookies from malicious modification. Consequently, a denial-of-service attack could cause ISIQ logins to fail with an invalid token. As of v10.0.0, ISIQ has strengthened the safeguards of session cookies...
Security Bulletin: IBM Security Verify Information Queue could reveal sensitive data in application error messages (CVE-2021-20402)
Summary: In response to certain application errors, IBM Security Verify Information Queue (ISIQ) could output messages that contain sensitive data, which could then be used to gain unauthorized system access. As of v10.0.0, ISIQ no longer includes sensitive data when outputting error messages...
Security Bulletin: IBM Security Verify Information Queue uses a Node.js package with known vulnerabilities (CVE-2020-11023, CVE-2020-11022)
Summary: The web server in IBM Security Verify Information Queue (ISIQ) uses an older version of the jQuery package that has two cross-site scripting vulnerabilities. As of v10.0.0, ISIQ has upgraded to a newer, secure version of jQuery. Vulnerability Details: CVEID: CVE-2020-11023 DESCRIPTION: jQuer...