Lucene search
K
IbmSecurity Verify Information Queue

23 matches found

CVE
CVE
added 2021/02/12 4:35 p.m.80 views

CVE-2021-20407

IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7 disclose sensitive information in source code, which could be used to facilitate further attacks. The IBM Security bulletin confirms affected product and versions and provides a remediation path: download and install the latest...

7.5CVSS6AI score0.00655EPSS
CVE
CVE
added 2022/07/25 5:20 p.m.80 views

CVE-2022-35284

IBM Security Verify Information Queue (ISIQ) 10.0.2 is vulnerable to information disclosure due to a missing/insecure SameSite attribute on a sensitive cookie. The issue affects ISIQ 10.0.2 and is addressed by upgrading to ISIQ 10.0.3 or newer. The lack of SameSite disables CSRF protections for t...

7.5CVSS7.1AI score0.00659EPSS
CVE
CVE
added 2021/02/12 4:35 p.m.76 views

CVE-2021-20408

CVE-2021-20408 affects IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7. Root cause: plaintext cryptographic key stored in a configuration file, enabling potential disclosure of highly sensitive information to a local user. Impact: confidentiality breach of product credential...

7.1CVSS5AI score0.00172EPSS
CVE
CVE
added 2021/02/12 4:35 p.m.72 views

CVE-2021-20409

IBM Security Verify Information Queue versions 1.0.6 and 1.0.7 are affected by CVE-2021-20409 due to failure to properly enable HTTP Strict Transport Security (HSTS) in internally generated error responses. This can allow a remote attacker to obtain sensitive information via man-in-the-middle tec...

7.5CVSS6.2AI score0.00895EPSS
CVE
CVE
added 2021/02/12 4:35 p.m.72 views

CVE-2021-20411

CVE-2021-20411 affects IBM Security Verify Information Queue (ISIQ) 1.0.6 and 1.0.7. The root cause is that the session identifier was not consistently updated on login, enabling potential session fixation and user impersonation. The IBM bulletin notes remediation by upgrading ISIQ images to tag ...

8.1CVSS7.6AI score0.00404EPSS
CVE
CVE
added 2022/07/25 5:20 p.m.68 views

CVE-2022-35288

IBM Security Verify Information Queue (ISIQ) v10.0.2 is vulnerable to an information disclosure: a malformed request to regenerate an external API token causes an error message that exposes sensitive data. The IBM Security Bulletin confirms remediation in v10.0.3, which fixes the exposure. Affect...

6.5CVSS5.9AI score0.00636EPSS
CVE
CVE
added 2022/07/25 5:20 p.m.67 views

CVE-2022-35287

IBM Security Verify Information Queue (ISIQ) v10.0.2 is affected by CVE-2022-35287 due to hard-coded credentials used for inbound authentication, outbound communication, or internal data encryption. The vulnerability stems from configuration files containing passwords or cryptographic keys, expos...

7.5CVSS7.4AI score0.00556EPSS
CVE
CVE
added 2023/08/31 1:4 p.m.67 views

CVE-2023-33835

CVE-2023-33835 affects IBM Security Verify Information Queue (ISIQ) versions 10.0.4 and 10.0.5 . The issue is an information-disclosure vulnerability likely tied to an error-reporting mechanism flaw, allowing a remote attacker to obtain sensitive information that could aid in further attacks. IBM...

7.5CVSS4.9AI score0.00578EPSS
CVE
CVE
added 2021/02/12 4:35 p.m.65 views

CVE-2021-20406

CVE-2021-20406 affects IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7. The issue arises from using weaker than expected cryptographic algorithms to encrypt/decrypt application data, potentially enabling an attacker to decrypt highly sensitive information. IBM’s security bul...

4.9CVSS4.3AI score0.00464EPSS
CVE
CVE
added 2021/02/12 4:35 p.m.65 views

CVE-2021-20412

CVE-2021-20412 affects IBM Security Verify Information Queue (ISIQ) 1.0.6 and 1.0.7, where a hard-coded credential (a signing key for Grafana in the logs stack) is stored in the Grafana initialization file. The IBM security bulletin confirms the presence of hard-coded credentials and notes the si...

7.5CVSS7.4AI score0.00886EPSS
CVE
CVE
added 2022/07/14 4:25 p.m.63 views

CVE-2022-35283

Summary: CVE-2022-35283 affects IBM Security Verify Information Queue (ISIQ) version 10.0.2. An authenticated user can trigger a denial of service via a specially crafted HTTP request. The issue is addressed in ISIQ 10.0.3, which implements stricter URL validation to prevent this DoS. CVSS base s...

6.5CVSS6.2AI score0.01004EPSS
CVE
CVE
added 2021/02/12 4:35 p.m.61 views

CVE-2021-20410

IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7 expose InfluxDB credentials via a logs stack YAML configuration, allowing an authenticated user to read credentials over the network through MITM. The issue is documented under CVE-2021-20410, with remediation advising customer...

5.3CVSS4.9AI score0.00643EPSS
CVE
CVE
added 2022/07/26 2:25 p.m.61 views

CVE-2022-35286

CVE-2022-35286 affects IBM Security Verify Information Queue (ISIQ) 10.0.2. The vulnerability is a cross-site request forgery (CSRF) in the web UI that could allow an attacker to perform malicious, unauthorized actions on behalf of a trusted user. The root cause relates to insufficient request ve...

8.8CVSS8.4AI score0.00266EPSS
CVE
CVE
added 2023/08/31 1:1 p.m.57 views

CVE-2023-33834

CVE-2023-33834 affects IBM Security Verify Information Queue (ISIQ) versions 10.0.4 and 10.0.5. The issue is an information disclosure vulnerability linked to an error reporting mechanism, enabling a remote attacker to obtain sensitive data that could aid further attacks. IBM’s bulletin and multi...

5.3CVSS4.4AI score0.00524EPSS
CVE
CVE
added 2022/07/25 5:20 p.m.56 views

CVE-2022-35285

The CVE-2022-35285 entry concerns IBM Security Verify Information Queue (ISIQ) v10.0.2, where the Audit Events UI is vulnerable due to a SQL injection flaw that can be exploited to facilitate cross-site request forgery, enabling an attacker to perform unauthorized actions that the trusted user in...

8.8CVSS8.4AI score0.00375EPSS
CVE
CVE
added 2023/08/31 12:59 p.m.56 views

CVE-2023-33833

CVE-2023-33833 affects IBM Security Verify Information Queue (ISIQ) versions 10.0.4 and 10.0.5, where sensitive information is stored in plaintext readable by a local user. The issue originates from inadequate encryption of stored data. IBM’s vulnerability bulletin confirms this information expos...

3.3CVSS3.2AI score0.00123EPSS
CVE
CVE
added 2021/02/11 4:30 p.m.51 views

CVE-2021-20405

CVE-2021-20405 affects IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7. The root cause is improper encoding of output in web error/message handling, which could allow a user to perform unauthorized activities or disclose information via improperly encoded responses. IBM’s bu...

7.5CVSS7.2AI score0.00752EPSS
CVE
CVE
added 2021/02/11 4:30 p.m.43 views

CVE-2021-20402

The CVE-2021-20402 issue affects IBM Security Verify Information Queue versions 1.0.6 and 1.0.7. The vulnerability is an information-disclosure risk where a remote attacker can obtain sensitive data from detailed error messages returned in browsers, potentially enabling further attacks. Affected ...

4CVSS3.4AI score0.00978EPSS
CVE
CVE
added 2021/02/11 4:30 p.m.42 views

CVE-2021-20404

CVE-2021-20404 affects IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7. The root cause is insufficient protection of session cookies, allowing modification that can cause login failures and a denial of service. The IBM advisory notes that starting with v10.0.0 the safeguards...

5.3CVSS5.1AI score0.009EPSS
CVE
CVE
added 2021/02/11 4:30 p.m.40 views

CVE-2021-20403

The Connected documents confirm a CSRF vulnerability in IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7, allowing an attacker to perform malicious/unauthorized actions on behalf of a trusted user. The IBM bulletin notes older browser support affects CSRF protections (SameSit...

8.8CVSS8.6AI score0.00373EPSS
CVE
CVE
added 2025/09/10 8:4 p.m.18 views

CVE-2024-47120

CVE-2024-47120 affects IBM Security Verify Information Queue (ISIQ) versions 10.0.5–10.0.8. Connected sources indicate the root cause is containers running with unnecessary privileges, enabling a privileged user to escalate privileges and expand the host attack surface. The IBM security bulletin ...

6.8CVSS6.1AI score0.00194EPSS
CVE
CVE
added 2025/09/10 8:6 p.m.17 views

CVE-2024-45669

CVE-2024-45669 affects IBM Security Verify Information Queue (ISIQ) versions 10.0.5–10.0.8. The vulnerability arises from improper handling of special characters, leading to uncontrolled resource consumption and a denial of service when processed remotely. The issue is documented across multiple ...

6.5CVSS5.8AI score0.0034EPSS
CVE
CVE
added 2025/09/10 8:8 p.m.14 views

CVE-2024-45671

IBM Security Verify Information Queue (ISIQ) versions 10.0.5–10.0.8 use weaker cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. The available connected sources confirm this vulnerability exists in ISIQ and note remediation is to upgrade to the latest ...

7.5CVSS5.9AI score0.00176EPSS