CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31003 – IBM Security Access Manager Container privilege escalation
https://notcve.org/view.php?id=CVE-2023-31003
11 Jan 2024 — IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658. IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 a 10.0.6.1 e IBM Security Verify Access Docker 10.0.6.1) podría permitir que un usuario local obtenga acceso raíz debido a controles de acceso inadecuados. ID de IBM X-Force... • https://exchange.xforce.ibmcloud.com/vulnerabilities/254658 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-25927 – IBM Security Verify Access denial of service
https://notcve.org/view.php?id=CVE-2023-25927
12 May 2023 — IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247635 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-36775 – IBM Security Verify Access HOST header injection
https://notcve.org/view.php?id=CVE-2022-36775
17 Feb 2023 — IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233576 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22465
https://notcve.org/view.php?id=CVE-2022-22465
08 Jul 2022 — IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082. IBM Security Access Manager Appliance versiones 10.0.0.0, 10.0.1.0, 10.0.2.0 y 10.0.3.0, podría permitir a un usuario local obtener altos privilegios debido a permisos de acceso inapropiados. IBM X-Force ID: 225082 • https://exchange.xforce.ibmcloud.com/vulnerabilities/225082 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22464
https://notcve.org/view.php?id=CVE-2022-22464
08 Jul 2022 — IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081. IBM Security Access Manager Appliance versiones 10.0.0.0, 10.0.1.0, 10.0.2.0 y 10.0.3.0, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 225081 • https://exchange.xforce.ibmcloud.com/vulnerabilities/225081 • CWE-326: Inadequate Encryption Strength •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22463
https://notcve.org/view.php?id=CVE-2022-22463
08 Jul 2022 — IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 225079. IBM Security Access Manager Appliance versiones 10.0.0.0, 10.0.1.0, 10.0.2.0 y 10.0.3.0 es vulnerable a una inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente diseñadas, lo que podría pe... • https://exchange.xforce.ibmcloud.com/vulnerabilities/225079 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22370
https://notcve.org/view.php?id=CVE-2022-22370
08 Jul 2022 — IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221194. IBM Security Verify Access versiones 10.0.0.0, 10.0.1.0, 10.0.2.0 y 10.0.3.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar cód... • https://exchange.xforce.ibmcloud.com/vulnerabilities/221194 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22311
https://notcve.org/view.php?id=CVE-2022-22311
31 Mar 2022 — IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validiation of JWT tokens. IBM Security Verify Access podría permitir a un usuario, usando técnicas de tipo man in the middle, obtener información confidencial o posiblemente cambiar alguna información debido a la comprobación inapropiada de los tokens JWT • https://exchange.xforce.ibmcloud.com/vulnerabilities/217226 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39070
https://notcve.org/view.php?id=CVE-2021-39070
02 Feb 2022 — IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353. IBM Security Verify Access versiones 10.0.0.0, 10.0.1.0 y 10.0.2.0, con el servicio de autenticación de control de acceso avanzado habilitado podría permitir a un atacante autenticarse como cualquier usuario del sistema. IBM X-Force ID: 215353 • https://exchange.xforce.ibmcloud.com/vulnerabilities/215353 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-38957
https://notcve.org/view.php?id=CVE-2021-38957
07 Jan 2022 — IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040. IBM Security Verify versiones 10.0.0, 10.0.1.0 y 10.0.2.0, podría revelar información confidencial debido a una comprobación de entrada peligrosa durante una generación de códigos QR. IBM X-Force ID: 212040 • https://exchange.xforce.ibmcloud.com/vulnerabilities/212040 • CWE-20: Improper Input Validation •