11 results (0.001 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 198192. IBM Security Verify Information Queue versiones 1.0.6 y 1.0.7, contiene credenciales embebidas, tal y como una contraseña o clave criptográfica, que utiliza para su propia autenticación entrante, comunicación saliente a componentes externos o cifrado de datos internos. IBM X-Force ID: 198192 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196192 https://www.ibm.com/support/pages/node/6414779 • CWE-798: Use of Hard-coded Credentials •

CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. IBM X-Force ID: 198191. IBM Security Verify Information Queue versiones 1.0.6 y 1.0.7, podría permitir a un usuario suplantar a otro usuario en el sistema debido a una actualización incorrecta del identificador de sesión. IBM X-Force ID: 198191 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196191 https://www.ibm.com/support/pages/node/6414777 • CWE-669: Incorrect Resource Transfer Between Spheres •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190. IBM Security Verify Information Queue versiones 1.0.6 y 1.0.7, envía las credenciales de usuario en texto plano y sin cifrar que puede ser leído por un usuario autenticado utilizando técnicas de tipo man in the middle. IBM X-Force ID: 198190 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196190 https://www.ibm.com/support/pages/node/6414773 • CWE-522: Insufficiently Protected Credentials •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 196188. IBM Security Verify Information Queue versiones 1.0.6 y 1.0.7, podría permitir a un atacante remoto obtener información confidencial, causada por el fallo al habilitar apropiadamente HTTP Strict Transport Security. Un atacante podría aprovechar esta vulnerabilidad para obtener información confidencial utilizando técnicas de tipo man in the middle. • https://exchange.xforce.ibmcloud.com/vulnerabilities/196188 https://www.ibm.com/support/pages/node/6414771 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187. IBM Security Verify Information Queue versiones 1.0.6 y 1.0.7, podría revelar información altamente confidencial a un usuario local debido al almacenamiento inapropiado de una clave criptográfica de texto plano. IBM X-Force ID: 198187 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196187 https://www.ibm.com/support/pages/node/6414767 • CWE-312: Cleartext Storage of Sensitive Information •