CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20497
https://notcve.org/view.php?id=CVE-2021-20497
IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969 IBM Security Verify Access Docker versión 10.0.0, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 197969 • https://exchange.xforce.ibmcloud.com/vulnerabilities/197969 https://www.ibm.com/support/pages/node/6471895 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20496
https://notcve.org/view.php?id=CVE-2021-20496
IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966. IBM Security Verify Access Docker versión 10.0.0, podría permitir a un usuario autenticado omitir la entrada debido a una comprobación inapropiada de entrada. IBM X-Force ID: 197966 • https://exchange.xforce.ibmcloud.com/vulnerabilities/197966 https://www.ibm.com/support/pages/node/6471895 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20439
https://notcve.org/view.php?id=CVE-2021-20439
IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user. IBM Security Access Manager versión 9.0 e IBM Security Verify Access Docker versión 10.0.0, almacenan las credenciales de usuario en texto sin cifrar que puede ser leído por un usuario no autorizado • https://exchange.xforce.ibmcloud.com/vulnerabilities/196453 https://www.ibm.com/support/pages/node/6471903 • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29665
https://notcve.org/view.php?id=CVE-2021-29665
IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges. IBM Security Verify Access versión 20.07,, es vulnerable a un desbordamiento de búfer en la región stack de la memoria, causado por una comprobación inapropiada de límites que podría permitir a un atacante local ejecutar código arbitrario en el sistema con privilegios elevados • https://exchange.xforce.ibmcloud.com/vulnerabilities/199399 https://www.ibm.com/support/pages/node/6457315 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20585
https://notcve.org/view.php?id=CVE-2021-20585
IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398. IBM Security Verify Access versión 20.07, podría divulgar información confidencial en los encabezados del servidor HTTP que podría ser usado en futuros ataques contra el sistema. IBM X-Force ID: 199398 • https://exchange.xforce.ibmcloud.com/vulnerabilities/199398 https://www.ibm.com/support/pages/node/6457315 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •