Security Verify Access Security Vulnerabilities and Issues — Security Verify Access CVE List

Lucene search

IbmSecurity Verify Access

18 matches found

CVE•added 2023/10/14 4:15 p.m.•89 views

CVE-2022-43740

IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 238921.

7.5CVSS7.2AI score0.00131EPSS

CVE•added 2023/05/12 6:15 p.m.•77 views

CVE-2023-25927

IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635.

7.5CVSS6.7AI score0.00049EPSS

CVE•added 2022/07/08 6:15 p.m.•67 views

CVE-2022-22465

IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082.

7.8CVSS7.1AI score0.00032EPSS

CVE•added 2024/02/03 1:15 a.m.•64 views

CVE-2023-30999

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 254651.

7.5CVSS7.1AI score0.00034EPSS

CVE•added 2022/07/08 6:15 p.m.•62 views

CVE-2022-22464

IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081.

7.5CVSS7.2AI score0.00112EPSS

CVE•added 2024/04/10 4:15 p.m.•54 views

CVE-2024-31873

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317.

7.5CVSS6.5AI score0.00047EPSS

CVE•added 2024/02/03 1:15 a.m.•52 views

CVE-2023-31006

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to a denial of service attacks on the DSC server. IBM X-Force ID: 254776.

7.5CVSS7.1AI score0.00031EPSS

CVE•added 2024/02/03 1:15 a.m.•49 views

CVE-2023-31005

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767.

7.8CVSS7.3AI score0.00019EPSS

CVE•added 2025/02/20 4:15 p.m.•48 views

CVE-2025-0161

IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation.

7.8CVSS7.8AI score0.00006EPSS

CVE•added 2024/11/29 5:15 p.m.•46 views

CVE-2024-49804

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks.

7.8CVSS7.6AI score0.00018EPSS

CVE•added 2021/07/15 4:15 p.m.•44 views

CVE-2021-20439

IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.

7.5CVSS7.3AI score0.00205EPSS

CVE•added 2021/07/15 6:15 p.m.•44 views

CVE-2021-20497

IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969

7.5CVSS7.3AI score0.00112EPSS

CVE•added 2024/07/25 6:15 p.m.•44 views

CVE-2022-32759

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565.

7.5CVSS5AI score0.00098EPSS

CVE•added 2024/02/03 1:15 a.m.•43 views

CVE-2023-32327

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulner...

7.1CVSS6.8AI score0.00059EPSS

CVE•added 2024/02/03 1:15 a.m.•43 views

CVE-2023-43016

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154.

7.3CVSS6.9AI score0.00073EPSS

CVE•added 2021/06/01 2:15 p.m.•38 views

CVE-2021-20576

IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash.

7.5CVSS7.3AI score0.0101EPSS

CVE•added 2022/01/10 2:10 p.m.•34 views

CVE-2021-38921

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067.

7.5CVSS7.3AI score0.00096EPSS

CVE•added 2022/01/10 2:10 p.m.•31 views

CVE-2021-38957

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040.

7.5CVSS7.2AI score0.00209EPSS