Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Security_verify_access
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 72 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-04-04 | CVE-2024-28787 | IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584. | Application_gateway, Security_verify_access | 10.0 | ||
| 2025-02-04 | CVE-2024-45658 | IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | Security_verify_access | 5.3 | ||
| 2025-02-06 | CVE-2024-49814 | IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges. | Security_verify_access | N/A | ||
| 2025-02-20 | CVE-2025-0161 | IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation. | Security_verify_access | N/A | ||
| 2025-06-11 | CVE-2025-0163 | IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts. | Security_verify_access, Security_verify_access_docker | 5.3 | ||
| 2025-02-04 | CVE-2024-35138 | IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | Security_verify_access | N/A | ||
| 2024-11-29 | CVE-2024-49803 | IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | Security_verify_access | 8.8 | ||
| 2024-11-29 | CVE-2024-49804 | IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks. | Security_verify_access | 7.8 | ||
| 2024-11-29 | CVE-2024-49805 | IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | Security_verify_access | 9.8 | ||
| 2024-11-29 | CVE-2024-49806 | IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | Security_verify_access | 9.8 |