CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35287
https://notcve.org/view.php?id=CVE-2022-35287
IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 230817. IBM Security Verify Information Queue versión 10.0.2, contiene credenciales embebidas, como una contraseña o una clave criptográfica, que usa para su propia autenticación de entrada, la comunicación de salida a componentes externos o el cifrado de datos internos. IBM X-Force ID: 230817 • https://exchange.xforce.ibmcloud.com/vulnerabilities/230817 https://www.ibm.com/support/pages/node/6606827 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-35285
https://notcve.org/view.php?id=CVE-2022-35285
IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230812. IBM Security Verify Information Queue versión 10.0.2, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-Force ID: 230812 • https://exchange.xforce.ibmcloud.com/vulnerabilities/230812 https://www.ibm.com/support/pages/node/6606819 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35284
https://notcve.org/view.php?id=CVE-2022-35284
IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811. IBM Security Verify Information Queue versión 10.0.2, podría divulgar información sensible debido a la falta o inseguridad del atributo SameSite para una cookie sensible. ID de IBM X-Force: 230811 • https://exchange.xforce.ibmcloud.com/vulnerabilities/230811 https://www.ibm.com/support/pages/node/6606663 • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-35283
https://notcve.org/view.php?id=CVE-2022-35283
IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request. IBM Security Verify Information Queue versión 10.0.2 podría permitir a un usuario autenticado causar una denegación de servicio con una petición HTTP especialmente diseñada • https://exchange.xforce.ibmcloud.com/vulnerabilities/230810 https://www.ibm.com/support/pages/node/6603445 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20412
https://notcve.org/view.php?id=CVE-2021-20412
IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 198192. IBM Security Verify Information Queue versiones 1.0.6 y 1.0.7, contiene credenciales embebidas, tal y como una contraseña o clave criptográfica, que utiliza para su propia autenticación entrante, comunicación saliente a componentes externos o cifrado de datos internos. IBM X-Force ID: 198192 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196192 https://www.ibm.com/support/pages/node/6414779 • CWE-798: Use of Hard-coded Credentials •