Lucene search
K
IbmVerify Gateway

8 matches found

CVE
CVE
added 2020/07/22 8:30 p.m.54 views

CVE-2020-4385

CVE-2020-4385 affects IBM Verify Gateway (IVG) versions 1.0.0 and 1.0.1, where a hard-coded credential (password/cryptographic key) is used for inbound authentication, outbound communication to external components, or internal data encryption. The IBM advisories (Security Bulletin and X-Force ent...

9.8CVSS9AI score0.01248EPSS
CVE
CVE
added 2020/07/22 8:30 p.m.52 views

CVE-2020-4371

IBM Verify Gateway (IVG) PAM components have a leftover debug header/file in installation packages that exposes sensitive information. Affected products/versions: IVG PAM 1.0.0 and 1.0.1. Root cause: leftover debugging code/file not meant for delivery in PAM components. Impact: could be used by a...

4CVSS3.7AI score0.00308EPSS
CVE
CVE
added 2020/07/22 8:30 p.m.50 views

CVE-2020-4369

CVE-2020-4369 affects IBM Verify Gateway (IVG) 1.0.0 and 1.0.1, where the client-secret stored in cleartext in PAM configurations could be exposed. The IBM Security bulletin notes that IVG PAM components can encrypt the client-secret in /etc/pam_ibm_auth.json, but encryption is not enabled by def...

5.5CVSS5.1AI score0.00207EPSS
CVE
CVE
added 2020/07/22 8:30 p.m.49 views

CVE-2020-4372

Summary: CVE-2020-4372 affects IBM Verify Gateway (IVG) components and enables exposure of client secrets when debug tracing is enabled, resulting in plaintext credentials readable by a local attacker. Affected products/versions (per IBM): IVG RADIUS 1.0.0; IVG PAM 1.0.0, 1.0.1; IVG Windows Login...

7.8CVSS7AI score0.00288EPSS
CVE
CVE
added 2020/07/22 8:30 p.m.49 views

CVE-2020-4397

CVE-2020-4397 affects IBM Verify Gateway (IVG) PAM components (AIX PAM 1.0.0/1.0.1; Linux PAM 1.0.0/1.0.1) where the Authd service could expose sensitive data in cleartext over TCP, enabling eavesdropping/mitm. The IBM Security bulletin notes that as of IVG PAM v1.0.1 (AIX) and v1.0.2 (Linux), th...

6.8CVSS5.4AI score0.00646EPSS
CVE
CVE
added 2020/07/22 8:30 p.m.47 views

CVE-2020-4399

Summary of CVE-2020-4399 (IBM Verify Gateway PAM) : The vulnerability affects IBM Verify Gateway (IVG) PAM components (AIX PAM v1.0.1 and Linux PAM v1.0.2 as the fixed versions). The issue stems from the Authd service, which listens on TCP port 12 and could be abused by an authenticated user to s...

6.5CVSS6.2AI score0.01136EPSS
CVE
CVE
added 2020/07/22 8:30 p.m.47 views

CVE-2020-4400

CVE-2020-4400 concerns IBM Verify Gateway (IVG) where the account lockout settings were inadequate, enabling a remote attacker to brute‑force credentials. Affected IVG components include RADIUS 1.0.0, PAM 1.0.0/1.0.1, and WinLogin 1.0.0/1.0.1. The root cause is insufficient throttling of authenti...

7.5CVSS7.3AI score0.01631EPSS
CVE
CVE
added 2020/07/27 1:31 p.m.40 views

CVE-2020-4405

Summary: IBM Verify Gateway (IVG) PAM components are affected in IVG 1.0.0 and 1.0.1, where debug log files can be world-readable and disclose potentially sensitive information to an authenticated user. The issue arises from logs written to /tmp via trace-file parameters, creating exposure of log...

4.3CVSS4.2AI score0.00922EPSS