
203 matches found

Vulnrichment
added 2025/09/10 8:08 p.m. | 5 views

CVE-2024-45671 IBM Security Verify Information Queue information disclosure

IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVSS 5.9 | AI score 6.1 | EPSS 0.00176
Exploits: 0 | References: 1

CVE
added 2025/09/10 8:08 p.m. | 14 views

CVE-2024-45671

IBM Security Verify Information Queue (ISIQ) versions 10.0.5–10.0.8 use weaker cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. The available connected sources confirm this vulnerability exists in ISIQ and note remediation is to upgrade to the latest ...

CVSS 7.5 | AI score 5.9 | EPSS 0.00176
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/09/10 8:06 p.m. | 5 views

CVE-2024-45669 IBM Security Verify Information Queue denial of service

IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a remote user to cause a denial of service due to improper handling of special characters that could lead to uncontrolled resource consumption...

CVSS 6.5 | EPSS 0.0034
Exploits: 0 | References: 1

CVE
added 2025/09/10 8:06 p.m. | 17 views

CVE-2024-45669

CVE-2024-45669 affects IBM Security Verify Information Queue (ISIQ) versions 10.0.5–10.0.8. The vulnerability arises from improper handling of special characters, leading to uncontrolled resource consumption and a denial of service when processed remotely. The issue is documented across multiple ...

CVSS 6.5 | AI score 5.8 | EPSS 0.0034
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/09/10 8:04 p.m. | 5 views

CVE-2024-47120 IBM Security Verify Information Queue code execution

IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a privileged user to escalate their privileges and attack surface on the host due to the containers running with unnecessary privileges...

CVSS 6.4 | EPSS 0.00194
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/10 8:04 p.m. | 3 views

CVE-2024-47120 IBM Security Verify Information Queue code execution

IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a privileged user to escalate their privileges and attack surface on the host due to the containers running with unnecessary privileges...

CVSS 6.4 | AI score 6.3 | EPSS 0.00194
Exploits: 0 | References: 1

CVE
added 2025/09/10 8:04 p.m. | 16 views

CVE-2024-47120

CVE-2024-47120 affects IBM Security Verify Information Queue (ISIQ) versions 10.0.5–10.0.8. Connected sources indicate the root cause is containers running with unnecessary privileges, enabling a privileged user to escalate privileges and expand the host attack surface. The IBM security bulletin ...

CVSS 6.8 | AI score 6.1 | EPSS 0.00194
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/09/10 12:00 a.m. | 6 views

PT-2025-37093

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Information Queue versions 10.0.5 through 10.0.8
Description: IBM Security Verify Information Queue versions 10.0.5, 10.0.6, 10.0.7, and 10.0.8 may allow a remote user to cause a denial of service due to improper handling ...

CVSS 6.5 | AI score 6.2 | EPSS 0.0034
Exploits: 0 | References: 3

Positive Technologies
added 2025/09/10 12:00 a.m. | 5 views

PT-2025-37095

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Information Queue versions 10.0.5 through 10.0.8
Description: IBM Security Verify Information Queue containers may run with unnecessary privileges, potentially allowing a privileged user to escalate their privileges and...

CVSS 6.4 | AI score 6.3 | EPSS 0.00194
Exploits: 0 | References: 3

Positive Technologies
added 2025/09/10 12:00 a.m. | 5 views

PT-2025-37094

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Information Queue versions 10.0.5 through 10.0.8
Description: IBM Security Verify Information Queue utilizes cryptographic algorithms that are considered weaker than expected, potentially allowing an attacker to decrypt...

CVSS 5.9 | AI score 6.2 | EPSS 0.00176
Exploits: 0 | References: 3

CNNVD
added 2025/09/10 12:00 a.m. | 3 views

IBM Security Verify Information Queue security vulnerability

IBM Security Verify Information Queue is a microservices architecture integration platform that leverages Kafka technology and a publish/subscribe model to integrate data between IBM Security products, acting as a cross-product data exchange hub. An elevation of privilege vulnerability exists in I...

CVSS 6.8 | AI score 5.8 | EPSS 0.00194
Exploits: 0 | References: 1

CNNVD
added 2025/09/10 12:00 a.m. | 5 views

IBM Security Verify Information Queue cryptographic issue vulnerability

IBM Security Verify Information Queue is an integration product from International Business Machines (IBM), Inc. It utilizes Kafka technology and a publish/subscribe model to integrate data between IBM Security products. A cryptographic issue vulnerability exists in IBM Security Verify Information Que...

CVSS 7.5 | AI score 6.3 | EPSS 0.00176
Exploits: 0 | References: 1

CNNVD
added 2025/09/10 12:00 a.m. | 3 views

IBM Security Verify Information Queue security vulnerability

IBM Security Verify Information Queue is a microservices architecture integration platform that leverages Kafka technology and a publish/subscribe model to integrate data between IBM Security products, acting as a cross-product data exchange hub. A denial of service vulnerability exists in IBM...

CVSS 6.5 | AI score 5.8 | EPSS 0.0034
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/04/29 2:07 a.m. | 19 views

Security Bulletin: IBM Security Verify Information Queue displays the Grafana signing key when setting up the logs stack (CVE-2021-20412)

Summary: IBM Security Verify Information Queue (ISIQ) offers an optional logs stack to demonstrate logging and monitoring. Among the stack's components is a Grafana dashboard. The initialization file for Grafana contains a hard-coded signing key. As of ISIQ v10.0.0, this signing key has been removed...

CVSS 7.5 | AI score 7.6 | EPSS 0.00886
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/04/29 2:06 a.m. | 18 views

Security Bulletin: IBM Security Verify Information Queue does not sufficiently safeguard session IDs from session fixation attacks (CVE-2021-20411)

Summary: The web server in IBM Security Verify Information Queue (ISIQ) does not always update the session identifier when a new user logs in. This could allow a session fixation attack in which a previously used session identifier gets commandeered by an impersonator. As of v10.0.0, ISIQ now...

CVSS 8.1 | AI score 7.9 | EPSS 0.00404
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/04/29 2:06 a.m. | 18 views

Security Bulletin: IBM Security Verify Information Queue does not hide the InfluxDB credentials when setting up the logs stack (CVE-2021-20410)

Summary: IBM Security Verify Information Queue (ISIQ) offers an optional logs stack to demonstrate logging and monitoring. The logs stack YAML file has parameters for defining an InfluxDB instance. The parameters include the InfluxDB user and password credentials. As of ISIQ v10.0.0, these credentia...

CVSS 5.3 | AI score 5.3 | EPSS 0.00643
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/04/29 2:06 a.m. | 22 views

Security Bulletin: IBM Security Verify Information Queue does not always enable HTTP Strict Transport Security when sending error responses (CVE-2021-20409)

Summary: The web server in IBM Security Verify Information Queue (ISIQ) does not add the HTTP Strict Transport Security header in its internally generated error responses. Consequently, a remote attacker could obtain sensitive information from an insecure HTTP connection. As of v10.0.0, ISIQ is...

CVSS 7.5 | AI score 7.4 | EPSS 0.00895
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/04/29 2:05 a.m. | 18 views

Security Bulletin: IBM Security Verify Information Queue discloses sensitive information in source code (CVE-2021-20407)

Summary: The source code for a Node.js package used by IBM Security Verify Information Queue (ISIQ) includes the email address of one of the developers of the package. As of v10.0.0, ISIQ is now hiding this sensitive information.
Vulnerability Details: CVEID: CVE-2021-20407. DESCRIPTION: IBM Security...

CVSS 7.5 | AI score 7.5 | EPSS 0.00655
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/04/29 2:04 a.m. | 23 views

Security Bulletin: IBM Security Verify Information Queue uses a relatively weak cryptographic algorithm to protect application data (CVE-2021-20406)

Summary: The cryptographic algorithm that IBM Security Verify Information Queue (ISIQ) uses to encrypt and decrypt application data has a JSON web token (JWT) signing key that is shorter than the recommended length. As of v10.0.0, ISIQ has doubled the length of its JWT signing key to be in compliance...

CVSS 4.9 | AI score 4.8 | EPSS 0.00464
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2023/12/15 2:32 p.m. | 33 views

Security Bulletin: IBM Security Verify Information Queue has a third-party library vulnerability (CVE-2023-43642)

Summary: IBM Security Verify Information Queue (ISIQ) v10.0.7 has upgraded its Apache Kafka client to remediate a vulnerability in the snappy-java compression library.
Vulnerability Details: CVEID: CVE-2023-43642. DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper...

CVSS 7.5 | AI score 7.4 | EPSS 0.0104
Exploits: 1 | Affected Software: 1