Lucene search
+L

68 matches found

CVE
CVE
added 2020/07/22 8:30 p.m.49 views

CVE-2020-4372

Summary: CVE-2020-4372 affects IBM Verify Gateway (IVG) components and enables exposure of client secrets when debug tracing is enabled, resulting in plaintext credentials readable by a local attacker. Affected products/versions (per IBM): IVG RADIUS 1.0.0; IVG PAM 1.0.0, 1.0.1; IVG Windows Login...

7.8CVSS7AI score0.00288EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/07/22 8:30 p.m.16 views

CVE-2020-4385

IBM Verify Gateway IVG 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 179266...

6.8CVSS9.1AI score0.01248EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/07/22 8:30 p.m.18 views

CVE-2020-4372

IBM Verify Gateway IVG 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009...

6.2CVSS7.1AI score0.00288EPSS
Exploits0References2
CVE
CVE
added 2020/07/22 8:30 p.m.54 views

CVE-2020-4385

CVE-2020-4385 affects IBM Verify Gateway (IVG) versions 1.0.0 and 1.0.1, where a hard-coded credential (password/cryptographic key) is used for inbound authentication, outbound communication to external components, or internal data encryption. The IBM advisories (Security Bulletin and X-Force ent...

9.8CVSS9AI score0.01248EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/07/22 8:30 p.m.52 views

CVE-2020-4371

IBM Verify Gateway (IVG) PAM components have a leftover debug header/file in installation packages that exposes sensitive information. Affected products/versions: IVG PAM 1.0.0 and 1.0.1. Root cause: leftover debugging code/file not meant for delivery in PAM components. Impact: could be used by a...

4CVSS3.7AI score0.00308EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/07/22 8:30 p.m.19 views

CVE-2020-4371

IBM Verify Gateway IVG 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008...

4CVSS3.6AI score0.00308EPSS
Exploits0References2
CVE
CVE
added 2020/07/22 8:30 p.m.50 views

CVE-2020-4369

CVE-2020-4369 affects IBM Verify Gateway (IVG) 1.0.0 and 1.0.1, where the client-secret stored in cleartext in PAM configurations could be exposed. The IBM Security bulletin notes that IVG PAM components can encrypt the client-secret in /etc/pam_ibm_auth.json, but encryption is not enabled by def...

5.5CVSS5.1AI score0.00207EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/07/22 8:30 p.m.17 views

CVE-2020-4369

IBM Verify Gateway IVG 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004...

5.1CVSS5.2AI score0.00207EPSS
Exploits0References2
Rows per page
Query Builder