Lucene search
K

68 matches found

NVD
NVD
added 2020/07/22 9:15 p.m.11 views

CVE-2020-4369

IBM Verify Gateway IVG 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004...

5.5CVSS5AI score0.00207EPSS
Exploits0References2
NVD
NVD
added 2020/07/22 9:15 p.m.17 views

CVE-2020-4385

IBM Verify Gateway IVG 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 179266...

9.8CVSS7.2AI score0.01248EPSS
Exploits0References2
OSV
OSV
added 2020/07/22 9:15 p.m.3 views

CVE-2020-4400

IBM Verify Gateway IVG 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478...

7.5CVSS7.2AI score0.01631EPSS
Exploits0References2
NVD
NVD
added 2020/07/22 9:15 p.m.20 views

CVE-2020-4397

IBM Verify Gateway IVG 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428...

6.8CVSS5.8AI score0.00646EPSS
Exploits0References2
OSV
OSV
added 2020/07/22 9:15 p.m.5 views

CVE-2020-4371

IBM Verify Gateway IVG 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008...

3.3CVSS5.8AI score0.00308EPSS
Exploits0References2
OSV
OSV
added 2020/07/22 9:15 p.m.2 views

CVE-2020-4372

IBM Verify Gateway IVG 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009...

7.8CVSS6.6AI score0.00288EPSS
Exploits0References2
OSV
OSV
added 2020/07/22 9:15 p.m.1 views

CVE-2020-4369

IBM Verify Gateway IVG 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004...

5.5CVSS6AI score0.00207EPSS
Exploits0References2
NVD
NVD
added 2020/07/22 9:15 p.m.12 views

CVE-2020-4400

IBM Verify Gateway IVG 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478...

7.5CVSS7.3AI score0.01631EPSS
Exploits0References2
NVD
NVD
added 2020/07/22 9:15 p.m.15 views

CVE-2020-4372

IBM Verify Gateway IVG 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009...

7.8CVSS6.1AI score0.00288EPSS
Exploits0References2
Prion
Prion
added 2020/07/22 9:15 p.m.18 views

Code injection

IBM Verify Gateway IVG 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008...

2.1CVSS3.6AI score0.00308EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/07/22 9:15 p.m.9 views

Information disclosure

IBM Verify Gateway IVG 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004...

2.1CVSS5.1AI score0.00207EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/07/22 9:15 p.m.21 views

Information disclosure

IBM Verify Gateway IVG 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428...

4.3CVSS5.3AI score0.00646EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/07/22 9:15 p.m.15 views

Code injection

IBM Verify Gateway IVG 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478...

5CVSS7.2AI score0.01631EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/07/22 9:15 p.m.14 views

Design/Logic Flaw

IBM Verify Gateway IVG 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. IBM X-Force ID: 179476...

4CVSS6.2AI score0.01136EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/07/22 9:15 p.m.19 views

Hardcoded credentials

IBM Verify Gateway IVG 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 179266...

7.5CVSS8.9AI score0.01248EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/07/22 8:30 p.m.47 views

CVE-2020-4400

CVE-2020-4400 concerns IBM Verify Gateway (IVG) where the account lockout settings were inadequate, enabling a remote attacker to brute‑force credentials. Affected IVG components include RADIUS 1.0.0, PAM 1.0.0/1.0.1, and WinLogin 1.0.0/1.0.1. The root cause is insufficient throttling of authenti...

7.5CVSS7.3AI score0.01631EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/07/22 8:30 p.m.13 views

CVE-2020-4400

IBM Verify Gateway IVG 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478...

7.5CVSS7.3AI score0.01631EPSS
Exploits0References2
CVE
CVE
added 2020/07/22 8:30 p.m.49 views

CVE-2020-4397

CVE-2020-4397 affects IBM Verify Gateway (IVG) PAM components (AIX PAM 1.0.0/1.0.1; Linux PAM 1.0.0/1.0.1) where the Authd service could expose sensitive data in cleartext over TCP, enabling eavesdropping/mitm. The IBM Security bulletin notes that as of IVG PAM v1.0.1 (AIX) and v1.0.2 (Linux), th...

6.8CVSS5.4AI score0.00646EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/07/22 8:30 p.m.13 views

CVE-2020-4399

IBM Verify Gateway IVG 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. IBM X-Force ID: 179476...

6.5CVSS6.2AI score0.01136EPSS
Exploits0References2
CVE
CVE
added 2020/07/22 8:30 p.m.47 views

CVE-2020-4399

Summary of CVE-2020-4399 (IBM Verify Gateway PAM) : The vulnerability affects IBM Verify Gateway (IVG) PAM components (AIX PAM v1.0.1 and Linux PAM v1.0.2 as the fixed versions). The issue stems from the Authd service, which listens on TCP port 12 and could be abused by an authenticated user to s...

6.5CVSS6.2AI score0.01136EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder