90 matches found
CVE-2021-29699
The CVE pertains to IBM Security Verify Access Docker 10.0.0. Affected product: IBM Security Verify Access Docker. Issue: remote privileged user could upload arbitrary files with dangerous file types that could be executed by a user. This description is supported by IBM’s security bulletin and th...
CVE-2022-22311
CVE-2022-22311 affects IBM Security Verify Access. The issue arises from improper validation of JWT tokens, enabling manipulation via man-in-the-middle techniques to disclose sensitive information or potentially change data. Affected products/versions include IBM Security Verify Access 10.0.0 thr...
CVE-2024-49803
IBM Security Verify Access Appliance (IBM’s product, versions 10.0.0–10.0.8) has a CVE-2024-49803 issue where a remote authenticated attacker can execute arbitrary commands by sending a specially crafted request. The Red Hat/IBM bulletin and NVD entry describe this as OS Command Injection (CWE-78...
CVE-2023-25927
CVE-2023-25927 affects IBM Security Verify Access versions 10.0.0–10.0.5. The vulnerability allows an attacker to crash the webseald process via specially crafted HTTP requests, resulting in loss of access to the system. Some sources describe it as an input validation error; exploitation details ...
CVE-2024-28787
IBM Security Verify Access and IBM Application Gateway are affected by CVE-2024-28787, with Information Disclosure and potential Denial of Service via a specially crafted HTTP request. Affected products/versions: IBM Security Verify Access Container and Appliance 10.0.0–10.0.7, IBM Application Ga...
CVE-2024-45647
IBM Security Verify Access (versions 10.0.0–10.0.8) and IBM Security Verify Access Docker (10.0.0–10.0.8) are affected by CVE-2024-45647, which allows an unauthenticated or unverified user to change the password of an expired user without the password. The underlying issue is CWE-620 (Unverified ...
CVE-2021-39070
IBM Security Verify Access (Appliance 10.0.0.0/10.0.1.0/10.0.2.0 and Docker 10.0.0–10.0.2) contains a vulnerability where the advanced access control authentication service could allow an attacker to authenticate as any user. The IBM bulletin rates CVSS v3.0/3.1 at 9.8 (CRITICAL). Remediation: Ap...
CVE-2024-25027
IBM Security Verify Access (Docker container 10.0.x) is affected by CVE-2024-25027, an information-disclosure vulnerability caused by missing encryption that can expose sensitive snapshot information. The IBM Security bulletin lists a base score of 6.2 and notes the vulnerability affects ISVA 10....
CVE-2023-38267
CVE-2023-38267 affects IBM Security Verify Access products (Docker 10.0.0.0–10.0.6.1 and Appliance 10.0.0.0–10.0.6.1). The issue is that sensitive configuration information can be exposed to a local user, enabling potential privilege elevation. IBM’s bulletin lists this vulnerability among multip...
CVE-2023-30999
CVE-2023-30999 affects IBM Security Verify Access: Docker 10.0.0.0–10.0.6.1 and Appliance 10.0.0.0–10.0.6.1. The issue is a denial of service caused by uncontrolled resource consumption in IBM Security Access Manager Container. Root cause details are not fully provided in the documents, but the i...
CVE-2022-22465
CVE-2022-22465 affects IBM Security Access Manager Appliance (ISAM) / IBM Security Verify Access Appliance versions 10.0.0.0–10.0.3.0. The issue is improper access permissions that could allow a local user to obtain elevated privileges. IBM’s bulletin confirms the vulnerability and provides a fix...
CVE-2021-20511
CVE-2021-20511 affects IBM Security Verify Access Docker 10.0.0. A path traversal flaw allows a remote attacker to view arbitrary files by sending a crafted URL containing ../ sequences, effectively exposing system files. The IBM security bulletin confirms the vulnerability and provides a remedia...
CVE-2024-28772
CVE-2024-28772 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0, with a stored cross-site scripting vulnerability in the Web UI that could lead to credentials disclosure in a trusted session. The issue concerns the ability for an attacker to embe...
CVE-2021-20523
Affected software: IBM Security Verify Access Docker container (version 10.0.0). Vulnerability: Remote attacker can obtain sensitive information due to a detailed technical error message returned in the browser, enabling information disclosure that could aid further attacks. Underlying cause is i...
CVE-2023-30430
CVE-2023-30430 affects IBM Security Verify Access, versions 10.0.0 through 10.0.7.1. A local user could obtain sensitive information from trace logs due to the disclosed trace data handling. The Red Hat bulletin corroborates the issue with the same CVE and notes an affected scope; the IBM bulleti...
CVE-2024-31874
CVE-2024-31874 affects IBM Security Verify Access Appliance versions 10.0.0 through 10.0.7. The root cause is uninitialized variables during deployment, which could allow a local user to cause a denial of service. Impact is local, with availability degraded (DoS) as described in multiple sources....
CVE-2021-20498
CVE-2021-20498 affects IBM Security Verify Access Docker 10.0.0. The vuln disclosure is that a detailed technical error message in HTTP responses can reveal version information and other sensitive data, potentially aiding further attacks. IBM’s advisory for the Docker container lists a remediatio...
CVE-2022-22464
The CVE-2022-22464 entry concerns IBM Security Access Manager Appliance. Affected products are IBM Security Access Manager Appliance versions 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0. The issue is described as using weaker-than-expected cryptographic algorithms that could allow an attacker to d...
CVE-2024-31872
CVE-2024-31872 concerns IBM Security Verify Access Appliance (affected: 10.0.0–10.0.7). The root cause, per the sources, is missing certificate validation during deployment of Open Source scripts, enabling a malicious actor to conduct a man-in-the-middle attack. Impact is described as compromisin...
CVE-2021-29742
CVE-2021-29742 affects IBM Security Verify Access Docker 10.0.0, where a user could impersonate another user on the system. The IBM bulletin lists this CVE among multiple fixes for the IBM Security Verify Access Docker container and provides a remediation path: upgrade to the latest container ima...
CVE-2022-22463
Summary: IBM Security Access Manager Appliance (ISAM Appliance) versions 10.0.0.0–10.0.3.0 are vulnerable to SQL injection. A remote attacker could send crafted SQL to view, add, modify, or delete data in the back‑end database. Mitigation: IBM recommends upgrading to IBM Security Verify Access Ap...
CVE-2023-31003
CVE-2023-31003 affects IBM Security Verify Access (ISVA) components: IBM Security Access Manager Container (10.0.0.0–10.0.6.1) and IBM Security Verify Access Appliance/Docker (10.0.0.0–10.0.6.1). The root cause is improper access controls that could let a local user obtain root access. Public sou...
CVE-2023-43017
CVE-2023-43017 affects IBM Security Verify Access 10.0.0.0–10.0.6.1. Description: a privileged user could install a configuration file that could allow remote access (high impact). Affected products include IBM Security Verify Access Docker (10.0.0.0–10.0.6.1) and Appliance (10.0.0.0–10.0.6.1). R...
CVE-2024-49805
IBM Security Verify Access Appliance (ISVA) versions 10.0.0–10.0.8 contain hard-coded credentials used for inbound authentication, outbound communications, or internal data encryption. Root cause: credential exposure within the appliance. Impact in the public reports ranges from high confidential...
CVE-2021-20499
Affected product: IBM Security Verify Access Docker 10.0.0. Vulnerability type / impact: remote information disclosure where detailed technical error messages returned in the browser expose sensitive information. This could be leveraged in further attacks against the system. Root cause (as descri...
CVE-2023-32328
IBM Security Verify Access 10.0.0.0–10.0.6.1 is affected by CVE-2023-32328, where insecure protocols in some flows could allow an attacker on the network to take control of the server. The IBM Security Bulletin lists the affected products (IBM Security Verify Access Docker and IBM Security Verify...
CVE-2024-35138
IBM Security Verify Access Appliance and Container versions 10.0.0–10.0.8 are vulnerable to cross-site request forgery (CSRF), enabling an attacker to perform malicious actions on behalf of a trusted user. Root cause: CSRF in the web application allows unauthorized actions transmitted from a user...
CVE-2024-49814
CVE-2024-49814 affects IBM Security Verify Access Appliance versions 10.0.0–10.0.3. A locally authenticated user could escalate privileges due to execution with unnecessary privileges, per IBM and vendor records (CVSS v3.1 base 7.8, HIGH). Remediation: upgrade to a version where the service is no...
CVE-2021-20496
CVE-2021-20496 affects IBM Security Verify Access Docker 10.0.0, where an authenticated user could bypass input due to improper input validation. Root cause: input validation flaw in the container. Impact (as stated): bypass of input checks with no denial of service or remote code execution expli...
CVE-2023-31006
Summary: CVE-2023-31006 affects IBM Security Verify Access (ISVA) Docker and Appliance 10.0.0.0–10.0.6.1, where the DSC server can be overwhelmed, causing a denial of service. The issue is documented across IBM and Red Hat advisories and furthers that affected products include the ISVA Docker ima...
CVE-2024-45659
CVE-2024-45659 affects IBM Security Verify Access Appliance and Container 10.0.0–10.0.8. A remote attacker could obtain sensitive information when a detailed technical error message is returned, enabling potential follow-on attacks. The IBM bulletin lists the vulnerability under CWE-209 and confi...
CVE-2021-20500
CVE-2021-20500 affects IBM Security Verify Access Docker 10.0.0, with an information-disclosure flaw that could reveal highly sensitive data to a local privileged user. The issue is confirmed in IBM’s vulnerability bulletin and related sources, which also lists a remediation: upgrade to the patch...
CVE-2024-31873
CVE-2024-31873 affects IBM Security Verify Access Appliance versions 10.0.0 through 10.0.7, where hard-coded credentials are used for inbound authentication. The issue stems from credentials embedded in the appliance, which a malicious actor could obtain, enabling potential unauthorized access to...
CVE-2025-0161
IBM Security Verify Access Appliance (Affecting 10.0.0.0–10.0.9.0 and 11.0.0.0) is vulnerable to local code execution due to improper restrictions on code generation (CWE-94). The IBM Security Bulletin details that a local user could exploit this to execute arbitrary code. Remediation is to upgra...
CVE-2021-20497
CVE-2021-20497 affects IBM Security Verify Access Docker 10.0.0, where the product uses weaker-than-expected cryptographic algorithms allowing an attacker to decrypt highly sensitive information. Connected IBM advisories confirm the affected container and provide remediation: upgrade to IBM Secur...
CVE-2025-0163
CVE-2025-0163 affects IBM Security Verify Access Appliance and Docker versions 10.0–10.0.8. The vulnerability allows remote attackers to enumerate usernames due to an observable response discrepancy for disabled accounts. IBM’s bulletin confirms a fix path: update IBM Security Verify Access to 10...
CVE-2022-22370
CVE-2022-22370 affects IBM Security Verify Access 10.0.0.0–10.0.3.0, with cross-site scripting via the Web UI due to inadequate cleaning of user-provided data. Documented impact: arbitrary JavaScript in the UI potentially leading to credentials disclosure within a trusted session. Remediation app...
CVE-2023-32330
CVE-2023-32330 affects IBM Security Verify Access Docker 10.0.0.0–10.0.6.1 and IBM Security Verify Access Appliance 10.0.0.0–10.0.6.1. The description states that insecure calls could allow a network-attached attacker to take control of the server. No exploitation details are provided in the init...
CVE-2024-31883
IBM Security Verify Access is affected in versions 10.0.0.0 through 10.0.7.1. An unauthenticated attacker could cause a denial-of-service due to asymmetric resource consumption under certain configurations. The IBM bulletin and Red Hat advisory confirm the same CVE-2024-31883 details, with remedi...
CVE-2021-20510
The CVE-2021-20510 issue affects IBM Security Verify Access Docker 10.0.0, where user credentials are stored in plain clear text, allowing read access by a local user. Root cause: plaintext credential storage within the Docker container. Impact: local attacker could obtain credentials, enabling f...
CVE-2021-20534
CVE-2021-20534 affects IBM Security Verify Access Docker 10.0.0. The issue is an open redirect that could be exploited in phishing to spoof URLs and direct users to a malicious site. IBM remediation provides an updated container image: docker pull ibmcom/verify-access:10.0.2.0. Details in IBM bul...
CVE-2023-31005
CVE-2023-31005 affects IBM Security Verify Access (Docker 10.0.0.0–10.0.6.1 and Appliance 10.0.0.0–10.0.6.1). Root cause is an improper security configuration that could allow a local user to escalate privileges. Affected products exposed multiple entry points in the container/appliance stack. Re...
CVE-2023-32327
CVE-2023-32327 affects IBM Security Verify Access (Docker 10.0.0.0–10.0.6.1 and Appliance 10.0.0.0–10.0.6.1). Root cause: XML External Entity (XXE) processing in XML data handling. Impact: remote attacker could expose sensitive information or cause memory/resource consumption. Remediation: for ap...
CVE-2024-35133
CVE-2024-35133 affects IBM Security Verify Access (ISVA) versions 10.0.0 through 10.0.8, specifically the OIDC Provider. The vulnerability arises from an input/redirect handling flaw in the OAuth flow that allows an authenticated remote attacker to spoof the Redirect URL via an open redirect, ena...
CVE-2024-40700
IBM Security Verify Access Appliance and Container 10.0.0–10.0.8 are affected by CVE-2024-40700, a cross-site scripting flaw allowing an unauthenticated attacker to inject arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure within a trusted session. Root cause: imp...
CVE-2023-31001
CVE-2023-31001 affects IBM Security Verify Access (ISVA) components: IBM Security Verify Access Docker 10.0.0.0–10.0.6.1 and ISVA Appliance 10.0.0.0–10.0.6.1. The issue is that the container/appliance could temporarily store sensitive information in files accessible to a local user, enabling loca...
CVE-2024-45657
CVE-2024-45657 affects IBM Security Verify Access Appliance and Container (10.0.0–10.0.8). The root cause is incorrect permissions assignment that could allow a local privileged user to perform unauthorized actions. IBM’s bulletin lists affected versions and provides remediation: upgrade to IBM S...
CVE-2019-4552
CVE-2019-4552 affects IBM Security Access Manager (ISAM) 9.0.7 and IBM Security Verify Access (ISVA) 10.0.0. The vulnerability is an HTTP response splitting flaw that a remote attacker can trigger by clicking a specially crafted URL, potentially enabling web cache poisoning, cross-site scripting,...
CVE-2020-4661
IBM Security Access Manager (ISAM) 9.0.7 and IBM Security Verify Access (ISVA) 10.0.0 are affected by CVE-2020-4661, a timing side-channel information disclosure vulnerability. The issue stems from a vulnerability in how ISAM/ISVA handled certain operations, potentially allowing an attacker to ob...
CVE-2023-31004
IBM Security Verify Access (Docker: 10.0.0.0–10.0.6.1; Appliance: 10.0.0.0–10.0.6.1) has a CVE-2023-31004 entry describing a remote attacker who could gain access to the underlying system via man-in-the-middle techniques. The Red Hat security entry reinforces this CVE as part of IBM Security Veri...