Lucene search
K
IbmSecurity Verify Access

90 matches found

CVE
CVE
added 2021/07/15 5:16 p.m.199 views

CVE-2021-29699

The CVE pertains to IBM Security Verify Access Docker 10.0.0. Affected product: IBM Security Verify Access Docker. Issue: remote privileged user could upload arbitrary files with dangerous file types that could be executed by a user. This description is supported by IBM’s security bulletin and th...

6.8CVSS6.7AI score0.00936EPSS
CVE
CVE
added 2022/03/31 5:30 p.m.105 views

CVE-2022-22311

CVE-2022-22311 affects IBM Security Verify Access. The issue arises from improper validation of JWT tokens, enabling manipulation via man-in-the-middle techniques to disclose sensitive information or potentially change data. Affected products/versions include IBM Security Verify Access 10.0.0 thr...

6.5CVSS6.3AI score0.0067EPSS
CVE
CVE
added 2024/11/29 4:50 p.m.100 views

CVE-2024-49803

IBM Security Verify Access Appliance (IBM’s product, versions 10.0.0–10.0.8) has a CVE-2024-49803 issue where a remote authenticated attacker can execute arbitrary commands by sending a specially crafted request. The Red Hat/IBM bulletin and NVD entry describe this as OS Command Injection (CWE-78...

9.8CVSS9.5AI score0.0077EPSS
CVE
CVE
added 2023/05/12 5:38 p.m.99 views

CVE-2023-25927

CVE-2023-25927 affects IBM Security Verify Access versions 10.0.0–10.0.5. The vulnerability allows an attacker to crash the webseald process via specially crafted HTTP requests, resulting in loss of access to the system. Some sources describe it as an input validation error; exploitation details ...

7.5CVSS6.7AI score0.01485EPSS
CVE
CVE
added 2024/04/04 5:31 p.m.99 views

CVE-2024-28787

IBM Security Verify Access and IBM Application Gateway are affected by CVE-2024-28787, with Information Disclosure and potential Denial of Service via a specially crafted HTTP request. Affected products/versions: IBM Security Verify Access Container and Appliance 10.0.0–10.0.7, IBM Application Ga...

10CVSS8.3AI score0.00815EPSS
CVE
CVE
added 2025/01/20 2:50 p.m.98 views

CVE-2024-45647

IBM Security Verify Access (versions 10.0.0–10.0.8) and IBM Security Verify Access Docker (10.0.0–10.0.8) are affected by CVE-2024-45647, which allows an unauthenticated or unverified user to change the password of an expired user without the password. The underlying issue is CWE-620 (Unverified ...

9.8CVSS5.5AI score0.00259EPSS
CVE
CVE
added 2022/02/02 12:4 p.m.92 views

CVE-2021-39070

IBM Security Verify Access (Appliance 10.0.0.0/10.0.1.0/10.0.2.0 and Docker 10.0.0–10.0.2) contains a vulnerability where the advanced access control authentication service could allow an attacker to authenticate as any user. The IBM bulletin rates CVSS v3.0/3.1 at 9.8 (CRITICAL). Remediation: Ap...

9.8CVSS9AI score0.01805EPSS
CVE
CVE
added 2024/03/31 11:40 a.m.83 views

CVE-2024-25027

IBM Security Verify Access (Docker container 10.0.x) is affected by CVE-2024-25027, an information-disclosure vulnerability caused by missing encryption that can expose sensitive snapshot information. The IBM Security bulletin lists a base score of 6.2 and notes the vulnerability affects ISVA 10....

6.2CVSS5.8AI score0.00107EPSS
CVE
CVE
added 2024/01/11 2:48 a.m.81 views

CVE-2023-38267

CVE-2023-38267 affects IBM Security Verify Access products (Docker 10.0.0.0–10.0.6.1 and Appliance 10.0.0.0–10.0.6.1). The issue is that sensitive configuration information can be exposed to a local user, enabling potential privilege elevation. IBM’s bulletin lists this vulnerability among multip...

6.2CVSS5.1AI score0.00148EPSS
CVE
CVE
added 2024/02/03 12:31 a.m.79 views

CVE-2023-30999

CVE-2023-30999 affects IBM Security Verify Access: Docker 10.0.0.0–10.0.6.1 and Appliance 10.0.0.0–10.0.6.1. The issue is a denial of service caused by uncontrolled resource consumption in IBM Security Access Manager Container. Root cause details are not fully provided in the documents, but the i...

7.5CVSS7.1AI score0.01034EPSS
CVE
CVE
added 2022/07/08 5:45 p.m.78 views

CVE-2022-22465

CVE-2022-22465 affects IBM Security Access Manager Appliance (ISAM) / IBM Security Verify Access Appliance versions 10.0.0.0–10.0.3.0. The issue is improper access permissions that could allow a local user to obtain elevated privileges. IBM’s bulletin confirms the vulnerability and provides a fix...

7.8CVSS7.1AI score0.00224EPSS
CVE
CVE
added 2021/07/15 5:15 p.m.77 views

CVE-2021-20511

CVE-2021-20511 affects IBM Security Verify Access Docker 10.0.0. A path traversal flaw allows a remote attacker to view arbitrary files by sending a crafted URL containing ../ sequences, effectively exposing system files. The IBM security bulletin confirms the vulnerability and provides a remedia...

6.8CVSS5.3AI score0.01892EPSS
CVE
CVE
added 2024/07/25 5:18 p.m.76 views

CVE-2024-28772

CVE-2024-28772 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0, with a stored cross-site scripting vulnerability in the Web UI that could lead to credentials disclosure in a trusted session. The issue concerns the ability for an attacker to embe...

6.8CVSS5.9AI score0.00283EPSS
CVE
CVE
added 2021/07/15 5:15 p.m.75 views

CVE-2021-20523

Affected software: IBM Security Verify Access Docker container (version 10.0.0). Vulnerability: Remote attacker can obtain sensitive information due to a detailed technical error message returned in the browser, enabling information disclosure that could aid further attacks. Underlying cause is i...

4CVSS3.7AI score0.00966EPSS
CVE
CVE
added 2024/06/27 3:53 p.m.75 views

CVE-2023-30430

CVE-2023-30430 affects IBM Security Verify Access, versions 10.0.0 through 10.0.7.1. A local user could obtain sensitive information from trace logs due to the disclosed trace data handling. The Red Hat bulletin corroborates the issue with the same CVE and notes an affected scope; the IBM bulleti...

5.5CVSS5AI score0.00163EPSS
CVE
CVE
added 2024/04/10 4:2 p.m.74 views

CVE-2024-31874

CVE-2024-31874 affects IBM Security Verify Access Appliance versions 10.0.0 through 10.0.7. The root cause is uninitialized variables during deployment, which could allow a local user to cause a denial of service. Impact is local, with availability degraded (DoS) as described in multiple sources....

6.2CVSS6AI score0.00295EPSS
CVE
CVE
added 2021/07/15 5:15 p.m.73 views

CVE-2021-20498

CVE-2021-20498 affects IBM Security Verify Access Docker 10.0.0. The vuln disclosure is that a detailed technical error message in HTTP responses can reveal version information and other sensitive data, potentially aiding further attacks. IBM’s advisory for the Docker container lists a remediatio...

5.3CVSS5.9AI score0.00944EPSS
CVE
CVE
added 2022/07/08 5:45 p.m.73 views

CVE-2022-22464

The CVE-2022-22464 entry concerns IBM Security Access Manager Appliance. Affected products are IBM Security Access Manager Appliance versions 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0. The issue is described as using weaker-than-expected cryptographic algorithms that could allow an attacker to d...

7.5CVSS7.2AI score0.00642EPSS
CVE
CVE
added 2024/04/10 3:51 p.m.73 views

CVE-2024-31872

CVE-2024-31872 concerns IBM Security Verify Access Appliance (affected: 10.0.0–10.0.7). The root cause, per the sources, is missing certificate validation during deployment of Open Source scripts, enabling a malicious actor to conduct a man-in-the-middle attack. Impact is described as compromisin...

8.1CVSS7.1AI score0.00582EPSS
CVE
CVE
added 2021/07/15 5:16 p.m.72 views

CVE-2021-29742

CVE-2021-29742 affects IBM Security Verify Access Docker 10.0.0, where a user could impersonate another user on the system. The IBM bulletin lists this CVE among multiple fixes for the IBM Security Verify Access Docker container and provides a remediation path: upgrade to the latest container ima...

8CVSS7.4AI score0.00367EPSS
CVE
CVE
added 2022/07/08 5:45 p.m.72 views

CVE-2022-22463

Summary: IBM Security Access Manager Appliance (ISAM Appliance) versions 10.0.0.0–10.0.3.0 are vulnerable to SQL injection. A remote attacker could send crafted SQL to view, add, modify, or delete data in the back‑end database. Mitigation: IBM recommends upgrading to IBM Security Verify Access Ap...

6.5CVSS6.7AI score0.00905EPSS
CVE
CVE
added 2024/01/11 2:22 a.m.71 views

CVE-2023-31003

CVE-2023-31003 affects IBM Security Verify Access (ISVA) components: IBM Security Access Manager Container (10.0.0.0–10.0.6.1) and IBM Security Verify Access Appliance/Docker (10.0.0.0–10.0.6.1). The root cause is improper access controls that could let a local user obtain root access. Public sou...

8.4CVSS7.1AI score0.00247EPSS
CVE
CVE
added 2024/02/07 4:10 p.m.70 views

CVE-2023-43017

CVE-2023-43017 affects IBM Security Verify Access 10.0.0.0–10.0.6.1. Description: a privileged user could install a configuration file that could allow remote access (high impact). Affected products include IBM Security Verify Access Docker (10.0.0.0–10.0.6.1) and Appliance (10.0.0.0–10.0.6.1). R...

8.2CVSS6.6AI score0.00555EPSS
CVE
CVE
added 2024/11/29 4:52 p.m.70 views

CVE-2024-49805

IBM Security Verify Access Appliance (ISVA) versions 10.0.0–10.0.8 contain hard-coded credentials used for inbound authentication, outbound communications, or internal data encryption. Root cause: credential exposure within the appliance. Impact in the public reports ranges from high confidential...

9.8CVSS9.3AI score0.0033EPSS
CVE
CVE
added 2021/07/15 5:15 p.m.69 views

CVE-2021-20499

Affected product: IBM Security Verify Access Docker 10.0.0. Vulnerability type / impact: remote information disclosure where detailed technical error messages returned in the browser expose sensitive information. This could be leveraged in further attacks against the system. Root cause (as descri...

4CVSS3.7AI score0.00966EPSS
CVE
CVE
added 2024/02/07 4:7 p.m.69 views

CVE-2023-32328

IBM Security Verify Access 10.0.0.0–10.0.6.1 is affected by CVE-2023-32328, where insecure protocols in some flows could allow an attacker on the network to take control of the server. The IBM Security Bulletin lists the affected products (IBM Security Verify Access Docker and IBM Security Verify...

9.8CVSS9.2AI score0.00577EPSS
CVE
CVE
added 2025/02/04 8:38 p.m.67 views

CVE-2024-35138

IBM Security Verify Access Appliance and Container versions 10.0.0–10.0.8 are vulnerable to cross-site request forgery (CSRF), enabling an attacker to perform malicious actions on behalf of a trusted user. Root cause: CSRF in the web application allows unauthorized actions transmitted from a user...

6.5CVSS6.5AI score0.002EPSS
CVE
CVE
added 2025/02/06 12:10 a.m.67 views

CVE-2024-49814

CVE-2024-49814 affects IBM Security Verify Access Appliance versions 10.0.0–10.0.3. A locally authenticated user could escalate privileges due to execution with unnecessary privileges, per IBM and vendor records (CVSS v3.1 base 7.8, HIGH). Remediation: upgrade to a version where the service is no...

7.8CVSS7.5AI score0.00233EPSS
CVE
CVE
added 2021/07/15 5:15 p.m.66 views

CVE-2021-20496

CVE-2021-20496 affects IBM Security Verify Access Docker 10.0.0, where an authenticated user could bypass input due to improper input validation. Root cause: input validation flaw in the container. Impact (as stated): bypass of input checks with no denial of service or remote code execution expli...

4.9CVSS5.2AI score0.00649EPSS
CVE
CVE
added 2024/02/03 1:5 a.m.66 views

CVE-2023-31006

Summary: CVE-2023-31006 affects IBM Security Verify Access (ISVA) Docker and Appliance 10.0.0.0–10.0.6.1, where the DSC server can be overwhelmed, causing a denial of service. The issue is documented across IBM and Red Hat advisories and furthers that affected products include the ISVA Docker ima...

7.5CVSS7.1AI score0.00892EPSS
CVE
CVE
added 2025/02/04 5:34 p.m.66 views

CVE-2024-45659

CVE-2024-45659 affects IBM Security Verify Access Appliance and Container 10.0.0–10.0.8. A remote attacker could obtain sensitive information when a detailed technical error message is returned, enabling potential follow-on attacks. The IBM bulletin lists the vulnerability under CWE-209 and confi...

5.3CVSS5AI score0.00353EPSS
CVE
CVE
added 2021/07/15 5:15 p.m.65 views

CVE-2021-20500

CVE-2021-20500 affects IBM Security Verify Access Docker 10.0.0, with an information-disclosure flaw that could reveal highly sensitive data to a local privileged user. The issue is confirmed in IBM’s vulnerability bulletin and related sources, which also lists a remediation: upgrade to the patch...

4.4CVSS5AI score0.00251EPSS
CVE
CVE
added 2024/04/10 3:58 p.m.65 views

CVE-2024-31873

CVE-2024-31873 affects IBM Security Verify Access Appliance versions 10.0.0 through 10.0.7, where hard-coded credentials are used for inbound authentication. The issue stems from credentials embedded in the appliance, which a malicious actor could obtain, enabling potential unauthorized access to...

7.5CVSS6.5AI score0.01197EPSS
CVE
CVE
added 2025/02/20 4:2 p.m.65 views

CVE-2025-0161

IBM Security Verify Access Appliance (Affecting 10.0.0.0–10.0.9.0 and 11.0.0.0) is vulnerable to local code execution due to improper restrictions on code generation (CWE-94). The IBM Security Bulletin details that a local user could exploit this to execute arbitrary code. Remediation is to upgra...

7.8CVSS7.8AI score0.0023EPSS
CVE
CVE
added 2021/07/15 5:15 p.m.64 views

CVE-2021-20497

CVE-2021-20497 affects IBM Security Verify Access Docker 10.0.0, where the product uses weaker-than-expected cryptographic algorithms allowing an attacker to decrypt highly sensitive information. Connected IBM advisories confirm the affected container and provide remediation: upgrade to IBM Secur...

7.5CVSS7.3AI score0.0071EPSS
CVE
CVE
added 2025/06/11 2:20 p.m.64 views

CVE-2025-0163

CVE-2025-0163 affects IBM Security Verify Access Appliance and Docker versions 10.0–10.0.8. The vulnerability allows remote attackers to enumerate usernames due to an observable response discrepancy for disabled accounts. IBM’s bulletin confirms a fix path: update IBM Security Verify Access to 10...

5.3CVSS6.8AI score0.00294EPSS
CVE
CVE
added 2022/07/08 5:45 p.m.63 views

CVE-2022-22370

CVE-2022-22370 affects IBM Security Verify Access 10.0.0.0–10.0.3.0, with cross-site scripting via the Web UI due to inadequate cleaning of user-provided data. Documented impact: arbitrary JavaScript in the UI potentially leading to credentials disclosure within a trusted session. Remediation app...

5.4CVSS5.2AI score0.00435EPSS
CVE
CVE
added 2024/02/07 4:9 p.m.63 views

CVE-2023-32330

CVE-2023-32330 affects IBM Security Verify Access Docker 10.0.0.0–10.0.6.1 and IBM Security Verify Access Appliance 10.0.0.0–10.0.6.1. The description states that insecure calls could allow a network-attached attacker to take control of the server. No exploitation details are provided in the init...

9.8CVSS9AI score0.0086EPSS
CVE
CVE
added 2024/06/27 3:50 p.m.63 views

CVE-2024-31883

IBM Security Verify Access is affected in versions 10.0.0.0 through 10.0.7.1. An unauthenticated attacker could cause a denial-of-service due to asymmetric resource consumption under certain configurations. The IBM bulletin and Red Hat advisory confirm the same CVE-2024-31883 details, with remedi...

5.9CVSS5.3AI score0.00588EPSS
CVE
CVE
added 2021/07/15 5:15 p.m.62 views

CVE-2021-20510

The CVE-2021-20510 issue affects IBM Security Verify Access Docker 10.0.0, where user credentials are stored in plain clear text, allowing read access by a local user. Root cause: plaintext credential storage within the Docker container. Impact: local attacker could obtain credentials, enabling f...

6.8CVSS4.6AI score0.0048EPSS
CVE
CVE
added 2021/07/15 5:16 p.m.62 views

CVE-2021-20534

CVE-2021-20534 affects IBM Security Verify Access Docker 10.0.0. The issue is an open redirect that could be exploited in phishing to spoof URLs and direct users to a malicious site. IBM remediation provides an updated container image: docker pull ibmcom/verify-access:10.0.2.0. Details in IBM bul...

4.9CVSS4.8AI score0.00545EPSS
CVE
CVE
added 2024/02/03 12:17 a.m.62 views

CVE-2023-31005

CVE-2023-31005 affects IBM Security Verify Access (Docker 10.0.0.0–10.0.6.1 and Appliance 10.0.0.0–10.0.6.1). Root cause is an improper security configuration that could allow a local user to escalate privileges. Affected products exposed multiple entry points in the container/appliance stack. Re...

7.8CVSS7.3AI score0.00228EPSS
CVE
CVE
added 2024/02/03 12:57 a.m.62 views

CVE-2023-32327

CVE-2023-32327 affects IBM Security Verify Access (Docker 10.0.0.0–10.0.6.1 and Appliance 10.0.0.0–10.0.6.1). Root cause: XML External Entity (XXE) processing in XML data handling. Impact: remote attacker could expose sensitive information or cause memory/resource consumption. Remediation: for ap...

7.1CVSS6.8AI score0.00963EPSS
CVE
CVE
added 2024/08/29 4:39 p.m.62 views

CVE-2024-35133

CVE-2024-35133 affects IBM Security Verify Access (ISVA) versions 10.0.0 through 10.0.8, specifically the OIDC Provider. The vulnerability arises from an input/redirect handling flaw in the OAuth flow that allows an authenticated remote attacker to spoof the Redirect URL via an open redirect, ena...

8.2CVSS6.7AI score0.0163EPSS
CVE
CVE
added 2025/02/04 8:36 p.m.62 views

CVE-2024-40700

IBM Security Verify Access Appliance and Container 10.0.0–10.0.8 are affected by CVE-2024-40700, a cross-site scripting flaw allowing an unauthenticated attacker to inject arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure within a trusted session. Root cause: imp...

6.1CVSS6AI score0.00297EPSS
CVE
CVE
added 2024/01/11 2:44 a.m.61 views

CVE-2023-31001

CVE-2023-31001 affects IBM Security Verify Access (ISVA) components: IBM Security Verify Access Docker 10.0.0.0–10.0.6.1 and ISVA Appliance 10.0.0.0–10.0.6.1. The issue is that the container/appliance could temporarily store sensitive information in files accessible to a local user, enabling loca...

5.5CVSS5AI score0.0021EPSS
CVE
CVE
added 2025/02/04 8:40 p.m.61 views

CVE-2024-45657

CVE-2024-45657 affects IBM Security Verify Access Appliance and Container (10.0.0–10.0.8). The root cause is incorrect permissions assignment that could allow a local privileged user to perform unauthorized actions. IBM’s bulletin lists affected versions and provides remediation: upgrade to IBM S...

6.7CVSS4.9AI score0.0014EPSS
CVE
CVE
added 2020/10/15 12:40 p.m.60 views

CVE-2019-4552

CVE-2019-4552 affects IBM Security Access Manager (ISAM) 9.0.7 and IBM Security Verify Access (ISVA) 10.0.0. The vulnerability is an HTTP response splitting flaw that a remote attacker can trigger by clicking a specially crafted URL, potentially enabling web cache poisoning, cross-site scripting,...

6.1CVSS6.5AI score0.00908EPSS
CVE
CVE
added 2020/10/12 1:5 p.m.60 views

CVE-2020-4661

IBM Security Access Manager (ISAM) 9.0.7 and IBM Security Verify Access (ISVA) 10.0.0 are affected by CVE-2020-4661, a timing side-channel information disclosure vulnerability. The issue stems from a vulnerability in how ISAM/ISVA handled certain operations, potentially allowing an attacker to ob...

5.3CVSS4.9AI score0.0045EPSS
CVE
CVE
added 2024/02/03 1:3 a.m.60 views

CVE-2023-31004

IBM Security Verify Access (Docker: 10.0.0.0–10.0.6.1; Appliance: 10.0.0.0–10.0.6.1) has a CVE-2023-31004 entry describing a remote attacker who could gain access to the underlying system via man-in-the-middle techniques. The Red Hat security entry reinforces this CVE as part of IBM Security Veri...

9CVSS8.6AI score0.00988EPSS
Total number of security vulnerabilities90