203 matches found

IBM Security Bulletins
added 2022/07/22 11:37 p.m., 30 views

Security Bulletin: A failed attempt to regenerate an IBM Security Verify Information Queue API token reveals sensitive data (CVE-2022-35288)

Summary When a malformed request to regenerate an external API token is sent to IBM Security Verify Information Queue ISIQ v10.0.2, the resulting error message reveals sensitive data. ISIQ v10.0.3 has remediated this information exposure vulnerability. CVE-2022-35288 Vulnerability Details...

CVSS 6.5, AI score 5.6, EPSS 0.00601
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2022/07/22 11:34 p.m., 35 views

Security Bulletin: IBM Security Verify Information Queue distributes configuration files with hard-coded credentials (CVE-2022-35287)

Summary IBM Security Verify Information Queue ISIQ v10.0.2 includes YAML files and property files with hard-coded credentials. ISIQ v10.0.3 has removed these files from the installation package since they are not required for product operation. CVE-2022-35287 Vulnerability Details...

CVSS 7.5, AI score 7, EPSS 0.00526
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2022/07/22 11:31 p.m., 29 views

Security Bulletin: Audit events query facility in IBM Security Verify Information Queue is vulnerable to SQL injection (CVE-2022-35285)

Summary The query facility in the Audit Events UI of IBM Security Verify Information Queue ISIQ v10.0.2 is vulnerable to SQL injection. This could allow an attacker to use cross-site request forgery for the purpose of executing unauthorized actions. ISIQ v10.0.3 has secured the Audit Events UI to...

CVSS 8.8, AI score 8, EPSS 0.0036
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2022/07/22 6:6 p.m., 20 views

Security Bulletin: Session cookie used by IBM Security Verify Information Queue is not properly secured (CVE-2022-35284)

Summary IBM Security Verify Information Queue ISIQ v10.0.2 does not set the SameSite attribute in the ISIQ session cookie. As a result, any CSRF protections offered by the attribute are disabled. ISIQ v10.0.3 is now correctly setting the SameSite attribute. CVE-2022-35284 Vulnerability Details...

CVSS 7.5, AI score 6, EPSS 0.00623
Exploits: 0, Affected Software: 1

ATTACKERKB
added 2022/07/22 12:0 a.m., 1 views

CVE-2022-35287

IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 230817...

CVSS 7.5, AI score 5.8, EPSS 0.00526
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2022/07/22 12:0 a.m., 0 views

CVE-2022-35284

IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811...

CVSS 7.5, AI score 5.7, EPSS 0.00623
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2022/07/22 12:0 a.m., 1 views

CVE-2022-35285

IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230812...

CVSS 8.8, AI score 5.7, EPSS 0.0036
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2022/07/22 12:0 a.m., 0 views

CVE-2022-35288

IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 230818...

CVSS 6.5, AI score 5.8, EPSS 0.00601
Exploits: 0, References: 3, Affected Software: 1

IBM Security Bulletins
added 2022/07/20 7:33 p.m., 45 views

Security Bulletin: IBM Security Verify Information Queue uses an Oracle JDBC jar with multiple vulnerabilities (CVE-2019-2444, CVE-2019-2619, CVE-2017-10321, CVE-2017-10202)

Summary The connect image in IBM Security Verify Information Queue ISIQ v10.0.2 uses an older version of the Oracle JDBC jar file that has multiple vulnerabilities. ISIQ v10.0.3 upgraded its connect image to include a newer Oracle JDBC jar that remediates the vulnerabilities. CVE-2019-2444,...

CVSS 9.9, AI score 8, EPSS 0.02306
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2022/07/20 7:31 p.m., 27 views

Security Bulletin: IBM Security Verify Information Queue uses a Wire Schema jar with multiple vulnerabilities (CVE-2020-27853, CVE-2021-41093)

Summary The connect image in IBM Security Verify Information Queue ISIQ v10.0.2 uses an older version of the Wire Schema jar file that is vulnerable to remote attackers. ISIQ v10.0.3 upgraded its connect image to include a newer Wire Schema jar that remediates the vulnerabilities. CVE-2020-27853,...

CVSS 9.8, AI score 9.2, EPSS 0.03778
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2022/07/20 7:27 p.m., 23 views

Security Bulletin: IBM Security Verify Information Queue uses a Google gRPC framework with multiple vulnerabilities (CVE-2017-7860, CVE-2017-7861, CVE-2017-9431)

Summary The connect image in IBM Security Verify Information Queue ISIQ v10.0.2 uses an older version of the Google RPC gRPC framework that is vulnerable to denial of service and buffer overflow attacks. ISIQ v10.0.3 upgraded its connect image to include a newer gRPC level that remediates the...

CVSS 9.8, AI score 10, EPSS 0.03125
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2022/07/20 7:22 p.m., 43 views

Security Bulletin: Multiple vulnerabilities in IBM Security Verify Information Queue connect image (CVE-2020-9493, CVE-2022-23307)

Summary The connect image in IBM Security Verify Information Queue ISIQ v10.0.2 uses a Confluent-provided Apache Log4j library. The library includes a log-viewing component known as Chainsaw that has two deserialization flaws. ISIQ v10.0.3 upgraded its connect image to specify a newer Apache Log4...

CVSS 9.8, AI score 9.4, EPSS 0.52458
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2022/07/20 4:53 p.m., 52 views

Security Bulletin: OpenSSL vulnerabilities in the IBM Security Verify Information Queue web server (CVE-2021-3711, CVE-2021-3712)

Summary The web server in IBM Security Verify Information Queue ISIQ v10.0.2 uses an older Node.js version with two known OpenSSL vulnerabilities. ISIQ v10.0.3 upgraded to a Node.js version that includes a newer OpenSSL to remediate the vulnerabilities. CVE-2021-3711, CVE-2021-3712 Vulnerability...

CVSS 9.8, AI score 8.9, EPSS 0.87816
Exploits: 1, Affected Software: 1

OSV
added 2022/07/14 5:15 p.m., 1 views

CVE-2022-35283

IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request...

CVSS 6.5, AI score 5.8
Exploits: 0, References: 2

NVD
added 2022/07/14 5:15 p.m., 14 views

CVE-2022-35283

IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request...

CVSS 6.5, EPSS 0.00963
Exploits: 0, References: 2

ATTACKERKB
added 2022/07/13 12:0 a.m., 0 views

CVE-2022-35283

IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request...

CVSS 6.5, AI score 5.8, EPSS 0.00963
Exploits: 0, References: 3, Affected Software: 1

IBM Security Bulletins
added 2021/03/02 10:27 p.m., 10 views

Security Bulletin: IBM Security Verify Information Queue uses a Node.js proxy library that has a known vulnerability (183561)

Summary The web server in IBM Security Verify Information Queue ISIQ uses an older version of the http-proxy package that has a known vulnerability to a denial of service. As of v10.0.0, ISIQ has upgraded to a newer, secure version of http-proxy. Vulnerability Details Third Party Entry: 183561...

AI score 1.2
Exploits: 0, Affected Software: 1

CNVD
added 2021/02/20 12:0 a.m., 6 views

IBM Security Verify Information Queue Session Fixation Vulnerability

IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. A session fixation vulnerability exists in IBM Security Verify Information Queue. The vulnerability stems from incorre...

CVSS 8.1, AI score 6.5, EPSS 0.00404
Exploits: 0, References: 1

CNVD
added 2021/02/20 12:0 a.m., 7 views

IBM Security Verify Information Queue Cross-Site Request Forgery Vulnerability

IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. A cross-site request forgery vulnerability exists in IBM Security Verify Information Queue. An attacker could exploit...

CVSS 8.8, AI score 6.5, EPSS 0.00373
Exploits: 0, References: 1

CNVD
added 2021/02/20 12:0 a.m., 7 views

IBM Security Verify Information Queue User Credentials Sent in Plaintext Vulnerability

IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. IBM Security Verify Information Queue suffers from a user credentials plaintext delivery vulnerability. An attacker...

CVSS 5.3, AI score 6.4, EPSS 0.00643
Exploits: 0, References: 1