
CVE-2023-32327 – IBM Security Access Manager Container XML external entity injection
https://notcve.org/view.php?id=CVE-2023-32327
03 Feb 2024 — IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254783 • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2023-43016 – IBM Security Access Manager Container unauthorized access
https://notcve.org/view.php?id=CVE-2023-43016
03 Feb 2024 — IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266154 • CWE-258: Empty Password in Configuration File • CWE-521: Weak Password Requirements

CVE-2023-30999 – IBM Security Access Manager denial of service
https://notcve.org/view.php?id=CVE-2023-30999
03 Feb 2024 — IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 254651. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254651 • CWE-400: Uncontrolled Resource Consumption

CVE-2023-31005 – IBM Security Access Manager Container privilege escalation
https://notcve.org/view.php?id=CVE-2023-31005
03 Feb 2024 — IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767. • https://packetstorm.news/files/id/182466 • CWE-269: Improper Privilege Management

CVE-2023-38267 – IBM Security Access Manager Appliance information disclosure
https://notcve.org/view.php?id=CVE-2023-38267
11 Jan 2024 — IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 260584. • https://packetstorm.news/files/id/182466 • CWE-311: Missing Encryption of Sensitive Data

CVE-2023-31001 – IBM Security Access Manager Container information disclosure
https://notcve.org/view.php?id=CVE-2023-31001
11 Jan 2024 — IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653. • https://packetstorm.news/files/id/182466 • CWE-257: Storing Passwords in a Recoverable Format

CVE-2023-31003 – IBM Security Access Manager Container privilege escalation
https://notcve.org/view.php?id=CVE-2023-31003
11 Jan 2024 — IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254658 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2022-36775 – IBM Security Verify Access HOST header injection
https://notcve.org/view.php?id=CVE-2022-36775
17 Feb 2023 — IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and 10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233576 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVE-2021-39070
https://notcve.org/view.php?id=CVE-2021-39070
02 Feb 2022 — IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353. • https://exchange.xforce.ibmcloud.com/vulnerabilities/215353