23 matches found
CVE-2021-20407
IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7 disclose sensitive information in source code, which could be used to facilitate further attacks. The IBM Security bulletin confirms affected product and versions and provides a remediation path: download and install the latest...
CVE-2022-35284
IBM Security Verify Information Queue (ISIQ) 10.0.2 is vulnerable to information disclosure due to a missing/insecure SameSite attribute on a sensitive cookie. The issue affects ISIQ 10.0.2 and is addressed by upgrading to ISIQ 10.0.3 or newer. The lack of SameSite disables CSRF protections for t...
CVE-2021-20408
CVE-2021-20408 affects IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7. Root cause: plaintext cryptographic key stored in a configuration file, enabling potential disclosure of highly sensitive information to a local user. Impact: confidentiality breach of product credential...
CVE-2021-20409
IBM Security Verify Information Queue versions 1.0.6 and 1.0.7 are affected by CVE-2021-20409 due to failure to properly enable HTTP Strict Transport Security (HSTS) in internally generated error responses. This can allow a remote attacker to obtain sensitive information via man-in-the-middle tec...
CVE-2021-20411
CVE-2021-20411 affects IBM Security Verify Information Queue (ISIQ) 1.0.6 and 1.0.7. The root cause is that the session identifier was not consistently updated on login, enabling potential session fixation and user impersonation. The IBM bulletin notes remediation by upgrading ISIQ images to tag ...
CVE-2022-35288
IBM Security Verify Information Queue (ISIQ) v10.0.2 is vulnerable to an information disclosure: a malformed request to regenerate an external API token causes an error message that exposes sensitive data. The IBM Security Bulletin confirms remediation in v10.0.3, which fixes the exposure. Affect...
CVE-2022-35287
IBM Security Verify Information Queue (ISIQ) v10.0.2 is affected by CVE-2022-35287 due to hard-coded credentials used for inbound authentication, outbound communication, or internal data encryption. The vulnerability stems from configuration files containing passwords or cryptographic keys, expos...
CVE-2023-33835
CVE-2023-33835 affects IBM Security Verify Information Queue (ISIQ) versions 10.0.4 and 10.0.5 . The issue is an information-disclosure vulnerability likely tied to an error-reporting mechanism flaw, allowing a remote attacker to obtain sensitive information that could aid in further attacks. IBM...
CVE-2021-20406
CVE-2021-20406 affects IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7. The issue arises from using weaker than expected cryptographic algorithms to encrypt/decrypt application data, potentially enabling an attacker to decrypt highly sensitive information. IBM’s security bul...
CVE-2021-20412
CVE-2021-20412 affects IBM Security Verify Information Queue (ISIQ) 1.0.6 and 1.0.7, where a hard-coded credential (a signing key for Grafana in the logs stack) is stored in the Grafana initialization file. The IBM security bulletin confirms the presence of hard-coded credentials and notes the si...
CVE-2022-35283
Summary: CVE-2022-35283 affects IBM Security Verify Information Queue (ISIQ) version 10.0.2. An authenticated user can trigger a denial of service via a specially crafted HTTP request. The issue is addressed in ISIQ 10.0.3, which implements stricter URL validation to prevent this DoS. CVSS base s...
CVE-2021-20410
IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7 expose InfluxDB credentials via a logs stack YAML configuration, allowing an authenticated user to read credentials over the network through MITM. The issue is documented under CVE-2021-20410, with remediation advising customer...
CVE-2022-35286
CVE-2022-35286 affects IBM Security Verify Information Queue (ISIQ) 10.0.2. The vulnerability is a cross-site request forgery (CSRF) in the web UI that could allow an attacker to perform malicious, unauthorized actions on behalf of a trusted user. The root cause relates to insufficient request ve...
CVE-2023-33834
CVE-2023-33834 affects IBM Security Verify Information Queue (ISIQ) versions 10.0.4 and 10.0.5. The issue is an information disclosure vulnerability linked to an error reporting mechanism, enabling a remote attacker to obtain sensitive data that could aid further attacks. IBM’s bulletin and multi...
CVE-2022-35285
The CVE-2022-35285 entry concerns IBM Security Verify Information Queue (ISIQ) v10.0.2, where the Audit Events UI is vulnerable due to a SQL injection flaw that can be exploited to facilitate cross-site request forgery, enabling an attacker to perform unauthorized actions that the trusted user in...
CVE-2023-33833
CVE-2023-33833 affects IBM Security Verify Information Queue (ISIQ) versions 10.0.4 and 10.0.5, where sensitive information is stored in plaintext readable by a local user. The issue originates from inadequate encryption of stored data. IBM’s vulnerability bulletin confirms this information expos...
CVE-2021-20405
CVE-2021-20405 affects IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7. The root cause is improper encoding of output in web error/message handling, which could allow a user to perform unauthorized activities or disclose information via improperly encoded responses. IBM’s bu...
CVE-2021-20402
The CVE-2021-20402 issue affects IBM Security Verify Information Queue versions 1.0.6 and 1.0.7. The vulnerability is an information-disclosure risk where a remote attacker can obtain sensitive data from detailed error messages returned in browsers, potentially enabling further attacks. Affected ...
CVE-2021-20404
CVE-2021-20404 affects IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7. The root cause is insufficient protection of session cookies, allowing modification that can cause login failures and a denial of service. The IBM advisory notes that starting with v10.0.0 the safeguards...
CVE-2021-20403
The Connected documents confirm a CSRF vulnerability in IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7, allowing an attacker to perform malicious/unauthorized actions on behalf of a trusted user. The IBM bulletin notes older browser support affects CSRF protections (SameSit...
CVE-2024-47120
CVE-2024-47120 affects IBM Security Verify Information Queue (ISIQ) versions 10.0.5–10.0.8. Connected sources indicate the root cause is containers running with unnecessary privileges, enabling a privileged user to escalate privileges and expand the host attack surface. The IBM security bulletin ...
CVE-2024-45669
CVE-2024-45669 affects IBM Security Verify Information Queue (ISIQ) versions 10.0.5–10.0.8. The vulnerability arises from improper handling of special characters, leading to uncontrolled resource consumption and a denial of service when processed remotely. The issue is documented across multiple ...
CVE-2024-45671
IBM Security Verify Information Queue (ISIQ) versions 10.0.5–10.0.8 use weaker cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. The available connected sources confirm this vulnerability exists in ISIQ and note remediation is to upgrade to the latest ...