3 matches found
CVE-2021-20583
CVE-2021-20583 affects IBM Security Verify Privilege Vault (IBM Security Verify) up to version 10.9.66. The issue is an information disclosure via an HTTP GET request by a privileged user caused by improper input validation in the Privilege Vault component. Impact is exposure of sensitive informa...
CVE-2021-29676
IBM Security Verify Privilege Vault (10.9.66 and prior releases) is vulnerable to a link-injection flaw. A remote attacker could lure a user into clicking a specially crafted URL, enabling cross-site scripting, cache poisoning, or session hijacking. Affected product facet: IBM Security Verify Pri...
CVE-2021-29677
CVE-2021-29677 is an XSS vulnerability in IBM Security Verify Privilege Vault (10.9.66) where attackers can embed arbitrary JavaScript in the Web UI, potentially altering functionality and disclosing credentials within a trusted session. The root cause is a cross-site scripting flaw in the Privil...