Security Verify Access Security Vulnerabilities and Issues — Security Verify Access CVE List

Lucene search

IbmSecurity Verify Access

10 matches found

CVE•added 2024/11/29 5:15 p.m.•80 views

CVE-2024-49803

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

9.8CVSS9.5AI score0.00188EPSS

CVE•added 2025/01/20 3:15 p.m.•79 views

CVE-2024-45647

IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password.

9.8CVSS5.5AI score0.00042EPSS

CVE•added 2022/02/02 12:15 p.m.•76 views

CVE-2021-39070

IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353.

9.8CVSS9AI score0.00671EPSS

CVE•added 2024/11/29 5:15 p.m.•58 views

CVE-2024-49805

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

9.8CVSS9.3AI score0.0011EPSS

CVE•added 2024/02/07 5:15 p.m.•57 views

CVE-2023-32328

IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957.

9.8CVSS9.2AI score0.00026EPSS

CVE•added 2024/02/03 1:15 a.m.•45 views

CVE-2023-31004

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques. IBM X-Force ID: 254765.

9CVSS8.6AI score0.00119EPSS

CVE•added 2024/02/07 5:15 p.m.•45 views

CVE-2023-32330

IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977.

9.8CVSS9AI score0.00049EPSS

CVE•added 2024/11/29 5:15 p.m.•44 views

CVE-2024-49806

9.8CVSS9.3AI score0.0011EPSS

CVE•added 2021/06/01 2:15 p.m.•40 views

CVE-2021-29665

IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges.

9CVSS7.8AI score0.00679EPSS

CVE•added 2020/10/15 1:15 p.m.•39 views

CVE-2020-4499

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.

9.8CVSS9.2AI score0.00383EPSS