CVE-2021-20410
IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7 expose InfluxDB credentials via a logs stack YAML configuration, allowing an authenticated user to read credentials over the network through MITM. The issue is documented under CVE-2021-20410, with remediation advising customer...
CVE-2021-20410
IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190...
CVE-2021-20409
IBM Security Verify Information Queue versions 1.0.6 and 1.0.7 are affected by CVE-2021-20409 due to failure to properly enable HTTP Strict Transport Security (HSTS) in internally generated error responses. This can allow a remote attacker to obtain sensitive information via man-in-the-middle tec...
CVE-2021-20408
CVE-2021-20408 affects IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7. Root cause: plaintext cryptographic key stored in a configuration file, enabling potential disclosure of highly sensitive information to a local user. Impact: confidentiality breach of product credential...
CVE-2021-20407
IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7 disclose sensitive information in source code, which could be used to facilitate further attacks. The IBM Security bulletin confirms affected product and versions and provides a remediation path: download and install the latest...
CVE-2021-20406 IBM Security Verify Information Queue information disclosure
IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196184...
CVE-2021-20406
CVE-2021-20406 affects IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7. The issue arises from using weaker than expected cryptographic algorithms to encrypt/decrypt application data, potentially enabling an attacker to decrypt highly sensitive information. IBM’s security bul...
PT-2021-13944 · IBM · IBM Security Verify Information Queue
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Information Queue versions 1.0.6 through 1.0.7. Description: The issue is caused by the failure to properly enable HTTP Strict Transport Security, allowing a remote attacker to obtain sensitive information using...
PT-2021-13942 · IBM · IBM Security Verify Information Queue
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Information Queue versions 1.0.6 through 1.0.7. Description: The issue discloses sensitive information in source code that could be used in further attacks against the system. Recommendations: For versions 1.0.6 and 1.0.7,...
CVE-2021-20402
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196076...
CVE-2021-20404
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a denial of service due to an invalid cookie value that could prevent future logins. IBM X-Force ID: 196078...
CVE-2021-20405
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183...
CVE-2021-20403
IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
Design/Logic Flaw
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a denial of service due to an invalid cookie value that could prevent future logins. IBM X-Force ID: 196078...
Cross-site request forgery (CSRF)
IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
Design/Logic Flaw
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183...
CVE-2021-20405
CVE-2021-20405 affects IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7. The root cause is improper encoding of output in web error/message handling, which could allow a user to perform unauthorized activities or disclose information via improperly encoded responses. IBM’s bu...