Lucene search

IBM Security Verify Access 10.0.8

12 matches found

CVE
added 2025/01/20 3:15 p.m., 82 views

CVE-2024-45647

IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow an unverified user to change the password of an expired user without prior knowledge of that password.

9.8 CVSS, 5.5 AI score, 0.00053 EPSS

CVE
added 2024/11/29 5:15 p.m., 81 views

CVE-2024-49803

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

9.8 CVSS, 9.5 AI score, 0.00215 EPSS

CVE
added 2025/02/04 9:15 p.m., 59 views

CVE-2024-35138

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

6.5 CVSS, 6.5 AI score, 0.0001 EPSS

CVE
added 2024/11/29 5:15 p.m., 59 views

CVE-2024-49805

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

9.8 CVSS, 9.3 AI score, 0.00101 EPSS

CVE
added 2025/02/04 6:15 p.m., 50 views

CVE-2024-45659

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

5.3 CVSS, 5 AI score, 0.00062 EPSS

CVE
added 2024/08/29 5:15 p.m., 49 views

CVE-2024-35133

IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL di...

8.2 CVSS, 6.7 AI score, 0.00641 EPSS

CVE
added 2025/02/04 9:15 p.m., 47 views

CVE-2024-45657

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.

6.7 CVSS, 4.9 AI score, 0.0001 EPSS

CVE
added 2024/11/29 5:15 p.m., 47 views

CVE-2024-49804

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks.

7.8 CVSS, 7.6 AI score, 0.00022 EPSS

CVE
added 2025/02/04 9:15 p.m., 46 views

CVE-2024-40700

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu...

6.1 CVSS, 6 AI score, 0.00153 EPSS

CVE
added 2024/11/29 5:15 p.m., 45 views

CVE-2024-49806

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

9.8 CVSS, 9.3 AI score, 0.00101 EPSS

CVE
added 2025/02/04 9:15 p.m., 43 views

CVE-2024-45658

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

5.3 CVSS, 6.2 AI score, 0.00057 EPSS

CVE
added 2025/02/04 9:15 p.m., 41 views

CVE-2024-43187

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

7.5 CVSS, 6.6 AI score, 0.00029 EPSS