
CVE-2024-35140 – IBM Security Verify Access privilege escalation
https://notcve.org/view.php?id=CVE-2024-35140
31 May 2024 — IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. IBM X-Force ID: 292416. IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak setting... • https://packetstorm.news/files/id/182466 • CWE-295: Improper Certificate Validation •

CVE-2024-22338 – IBM Security Verify Access OIDC Provider information disclosure
https://notcve.org/view.php?id=CVE-2024-22338
31 May 2024 — IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978. • https://exchange.xforce.ibmcloud.com/vulnerabilities/279978 • CWE-20: Improper Input Validation •

CVE-2024-31874 – IBM Security Verify Access Appliance denial of service
https://notcve.org/view.php?id=CVE-2024-31874
10 Apr 2024 — IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318. IBM Security Verify Access Appliance suffers from multiple insecure transit vulnerabilities, hardcoded passwords, and uninitialized variables. ibmsecurity versions prior to 2024.4.5 are affected. • https://packetstorm.news/files/id/182465 • CWE-457: Use of Uninitialized Variable •

CVE-2024-31873 – IBM Security Verify Access Appliance information disclosure
https://notcve.org/view.php?id=CVE-2024-31873
10 Apr 2024 — IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317. IBM Security Verify Access Appliance suffers from multiple insecure transit vulnerabilities, hardcoded passwords, and uninitialized variables. ibmsecurity versions prior to 2024.4.5 are affected. • https://packetstorm.news/files/id/182465 • CWE-798: Use of Hard-coded Credentials •

CVE-2024-31871 – IBM Security Verify Access Appliance improper certificate validation
https://notcve.org/view.php?id=CVE-2024-31871
10 Apr 2024 — IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306. IBM Security Verify Access Appliance suffers from multiple insecure transit vulnerabilities, hardcoded passwords, and uninitialized variables. ibmsecurity versions prior to 2024.4.5 are affected. • https://packetstorm.news/files/id/182465 • CWE-295: Improper Certificate Validation •

CVE-2024-31872 – IBM Security Verify Access Appliance missing certificate validation
https://notcve.org/view.php?id=CVE-2024-31872
10 Apr 2024 — IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316. IBM Security Verify Access Appliance suffers from multiple insecure transit vulnerabilities, hardcoded passwords, and uninitialized variables. ibmsecurity versions prior to 2024.4.5 are affected. • https://packetstorm.news/files/id/182465 • CWE-295: Improper Certificate Validation • CWE-599: Missing Validation of OpenSSL Certificate •

CVE-2024-28787 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2024-28787
04 Apr 2024 — IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584. • https://exchange.xforce.ibmcloud.com/vulnerabilities/286584 • CWE-650: Trusting HTTP Permission Methods on the Server Side •

CVE-2024-25027 – IBM Security Verify Access Container information disclosure
https://notcve.org/view.php?id=CVE-2024-25027
31 Mar 2024 — IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607. IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, m... • https://packetstorm.news/files/id/182466 • CWE-311: Missing Encryption of Sensitive Data •

CVE-2023-43017 – IBM Security Verify Access man in the middle
https://notcve.org/view.php?id=CVE-2023-43017
07 Feb 2024 — IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155. IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak setting... • https://packetstorm.news/files/id/182466 • CWE-295: Improper Certificate Validation •

CVE-2023-32330 – IBM Security Verify Access man in the middle
https://notcve.org/view.php?id=CVE-2023-32330
07 Feb 2024 — IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977. IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated ... • https://packetstorm.news/files/id/182466 • CWE-295: Improper Certificate Validation •