Lucene search
K
IbmSecurity Verify Access Docker

25 matches found

CVE
CVE
added 2025/01/20 2:50 p.m.99 views

CVE-2024-45647

IBM Security Verify Access (versions 10.0.0–10.0.8) and IBM Security Verify Access Docker (10.0.0–10.0.8) are affected by CVE-2024-45647, which allows an unauthenticated or unverified user to change the password of an expired user without the password. The underlying issue is CWE-620 (Unverified ...

9.8CVSS5.5AI score0.00259EPSS
CVE
CVE
added 2022/02/02 12:4 p.m.93 views

CVE-2021-39070

IBM Security Verify Access (Appliance 10.0.0.0/10.0.1.0/10.0.2.0 and Docker 10.0.0–10.0.2) contains a vulnerability where the advanced access control authentication service could allow an attacker to authenticate as any user. The IBM bulletin rates CVSS v3.0/3.1 at 9.8 (CRITICAL). Remediation: Ap...

9.8CVSS9AI score0.01805EPSS
CVE
CVE
added 2024/05/31 4:53 p.m.86 views

CVE-2024-35140

CVE-2024-35140 affects IBM Security Verify Access Docker versions 10.0.0–10.0.6. The root cause is improper certificate validation that could allow a local user to escalate privileges. The IBM PSIRT and related advisories indicate a fix released with 10.0.7 (and ISVA 10.0.7-ISS-ISVA-FP0000 for 10...

7.8CVSS7.5AI score0.00126EPSS
CVE
CVE
added 2024/01/11 2:48 a.m.81 views

CVE-2023-38267

CVE-2023-38267 affects IBM Security Verify Access products (Docker 10.0.0.0–10.0.6.1 and Appliance 10.0.0.0–10.0.6.1). The issue is that sensitive configuration information can be exposed to a local user, enabling potential privilege elevation. IBM’s bulletin lists this vulnerability among multip...

6.2CVSS5.1AI score0.00148EPSS
CVE
CVE
added 2024/12/19 1:10 a.m.81 views

CVE-2024-35141

CVE-2024-35141 affects IBM Security Verify Access Docker 10.0.0–10.0.6. Root cause: execution of unnecessary privileges enables local privilege escalation. Impact: local attacker could escalate privileges (high). IBM bulletins indicate fixes in 10.0.7/FP0 or later; remediation is to upgrade to th...

7.8CVSS7.7AI score0.00228EPSS
CVE
CVE
added 2024/02/03 12:31 a.m.79 views

CVE-2023-30999

CVE-2023-30999 affects IBM Security Verify Access: Docker 10.0.0.0–10.0.6.1 and Appliance 10.0.0.0–10.0.6.1. The issue is a denial of service caused by uncontrolled resource consumption in IBM Security Access Manager Container. Root cause details are not fully provided in the documents, but the i...

7.5CVSS7.1AI score0.01034EPSS
CVE
CVE
added 2024/05/31 4:57 p.m.75 views

CVE-2024-35142

In the available documents, CVE-2024-35142 affects IBM Security Verify Access Docker versions 10.0.0 and 10.0.6. The root cause is execution of unnecessary privileges that allows a local user to escalate privileges, yielding a HIGH impact (confidentiality, integrity, and availability). IBM’s bull...

8.4CVSS8.1AI score0.00229EPSS
CVE
CVE
added 2024/01/11 2:22 a.m.71 views

CVE-2023-31003

CVE-2023-31003 affects IBM Security Verify Access (ISVA) components: IBM Security Access Manager Container (10.0.0.0–10.0.6.1) and IBM Security Verify Access Appliance/Docker (10.0.0.0–10.0.6.1). The root cause is improper access controls that could let a local user obtain root access. Public sou...

8.4CVSS7.1AI score0.00247EPSS
CVE
CVE
added 2024/02/03 1:5 a.m.66 views

CVE-2023-31006

Summary: CVE-2023-31006 affects IBM Security Verify Access (ISVA) Docker and Appliance 10.0.0.0–10.0.6.1, where the DSC server can be overwhelmed, causing a denial of service. The issue is documented across IBM and Red Hat advisories and furthers that affected products include the ISVA Docker ima...

7.5CVSS7.1AI score0.00892EPSS
CVE
CVE
added 2025/02/04 5:34 p.m.66 views

CVE-2024-45659

CVE-2024-45659 affects IBM Security Verify Access Appliance and Container 10.0.0–10.0.8. A remote attacker could obtain sensitive information when a detailed technical error message is returned, enabling potential follow-on attacks. The IBM bulletin lists the vulnerability under CWE-209 and confi...

5.3CVSS5AI score0.00353EPSS
CVE
CVE
added 2025/06/11 2:20 p.m.65 views

CVE-2025-0163

CVE-2025-0163 affects IBM Security Verify Access Appliance and Docker versions 10.0–10.0.8. The vulnerability allows remote attackers to enumerate usernames due to an observable response discrepancy for disabled accounts. IBM’s bulletin confirms a fix path: update IBM Security Verify Access to 10...

5.3CVSS6.8AI score0.00294EPSS
CVE
CVE
added 2024/02/03 12:17 a.m.63 views

CVE-2023-31005

CVE-2023-31005 affects IBM Security Verify Access (Docker 10.0.0.0–10.0.6.1 and Appliance 10.0.0.0–10.0.6.1). Root cause is an improper security configuration that could allow a local user to escalate privileges. Affected products exposed multiple entry points in the container/appliance stack. Re...

7.8CVSS7.3AI score0.00228EPSS
CVE
CVE
added 2024/02/03 12:57 a.m.62 views

CVE-2023-32327

CVE-2023-32327 affects IBM Security Verify Access (Docker 10.0.0.0–10.0.6.1 and Appliance 10.0.0.0–10.0.6.1). Root cause: XML External Entity (XXE) processing in XML data handling. Impact: remote attacker could expose sensitive information or cause memory/resource consumption. Remediation: for ap...

7.1CVSS6.8AI score0.00963EPSS
CVE
CVE
added 2024/08/29 4:39 p.m.62 views

CVE-2024-35133

CVE-2024-35133 affects IBM Security Verify Access (ISVA) versions 10.0.0 through 10.0.8, specifically the OIDC Provider. The vulnerability arises from an input/redirect handling flaw in the OAuth flow that allows an authenticated remote attacker to spoof the Redirect URL via an open redirect, ena...

8.2CVSS6.7AI score0.0163EPSS
CVE
CVE
added 2025/02/04 8:36 p.m.62 views

CVE-2024-40700

IBM Security Verify Access Appliance and Container 10.0.0–10.0.8 are affected by CVE-2024-40700, a cross-site scripting flaw allowing an unauthenticated attacker to inject arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure within a trusted session. Root cause: imp...

6.1CVSS6AI score0.00297EPSS
CVE
CVE
added 2024/01/11 2:44 a.m.61 views

CVE-2023-31001

CVE-2023-31001 affects IBM Security Verify Access (ISVA) components: IBM Security Verify Access Docker 10.0.0.0–10.0.6.1 and ISVA Appliance 10.0.0.0–10.0.6.1. The issue is that the container/appliance could temporarily store sensitive information in files accessible to a local user, enabling loca...

5.5CVSS5AI score0.0021EPSS
CVE
CVE
added 2025/02/04 8:40 p.m.61 views

CVE-2024-45657

CVE-2024-45657 affects IBM Security Verify Access Appliance and Container (10.0.0–10.0.8). The root cause is incorrect permissions assignment that could allow a local privileged user to perform unauthorized actions. IBM’s bulletin lists affected versions and provides remediation: upgrade to IBM S...

6.7CVSS4.9AI score0.0014EPSS
CVE
CVE
added 2024/02/03 1:3 a.m.60 views

CVE-2023-31004

IBM Security Verify Access (Docker: 10.0.0.0–10.0.6.1; Appliance: 10.0.0.0–10.0.6.1) has a CVE-2023-31004 entry describing a remote attacker who could gain access to the underlying system via man-in-the-middle techniques. The Red Hat security entry reinforces this CVE as part of IBM Security Veri...

9CVSS8.6AI score0.00988EPSS
CVE
CVE
added 2024/02/03 1:0 a.m.60 views

CVE-2023-32329

CVE-2023-32329 – IBM Security Verify Access (ISVA) : The vulnerability affects ISVA Docker 10.0.0.0–10.0.6.1 and ISVA Appliance 10.0.0.0–10.0.6.1. Root cause: improper file validation that could allow a user to download files from an incorrect repository. Impact statements in the sources indicate...

6.2CVSS5.5AI score0.00155EPSS
CVE
CVE
added 2024/02/03 12:55 a.m.59 views

CVE-2023-43016

CVE-2023-43016 affects IBM Security Verify Access: IBM Security Verify Access Appliance and IBM Security Verify Access Docker images version 10.0.0.0 through 10.0.6.1. The issue allows a remote user to log into the server due to a user account configured with an empty password. The NVD/IBM adviso...

7.3CVSS6.9AI score0.00713EPSS
CVE
CVE
added 2023/02/17 4:22 p.m.56 views

CVE-2022-36775

IBM Security Verify Access versions 10.0.0.0–10.0.4.0 are affected by an HTTP header injection due to improper HOST header validation. This can allow attacks such as cross-site scripting, cache poisoning, or session hijacking, as described in multiple sources. No exploitation details are provided...

6.5CVSS6.2AI score0.00417EPSS
CVE
CVE
added 2025/02/04 8:37 p.m.54 views

CVE-2024-43187

IBM Security Verify Access Appliance and Container versions 10.0.0–10.0.8 transmit sensitive/security-critical data in cleartext over a network channel, enabling potential information disclosure. Root cause: cleartext transmission. Affected products: IBM Security Verify Access Appliance and IBM S...

7.5CVSS6.6AI score0.00239EPSS
CVE
CVE
added 2025/10/06 4:53 p.m.21 views

CVE-2025-36354

CVE-2025-36354 affects IBM Security Verify Access and IBM Security Verify Access Docker versions 10.0.0.0–10.0.9.0 and 11.0.0.0–11.0.1.0. The issue is due to improper validation of user-supplied input, allowing an unauthenticated user to execute arbitrary commands with lower privileges. Remediati...

7.3CVSS7.2AI score0.00295EPSS
CVE
CVE
added 2025/10/06 4:52 p.m.19 views

CVE-2025-36355

CVE-2025-36355 affects IBM Security Verify Access and IBM Security Verify Access Docker. A locally authenticated user could execute malicious scripts from outside the software’s control sphere in versions 10.0.0.0–10.0.9.0 and 11.0.0.0–11.0.1.0. IBM’s bulletin notes remediation via updates: IBM S...

8.5CVSS6.4AI score0.00155EPSS
CVE
CVE
added 2025/10/06 4:50 p.m.12 views

CVE-2025-36356

CVE-2025-36356 affects IBM Security Verify Access and IBM Security Verify Access Docker (versions 10.0.0.0–10.0.9.0 and 11.0.0.0–11.0.1.0). The vulnerability arises from execution with more privileges than required, allowing a locally authenticated user to escalate to root. Public exploitation de...

9.3CVSS6.5AI score0.00176EPSS