CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-43016 – IBM Security Access Manager Container unauthorized access
https://notcve.org/view.php?id=CVE-2023-43016
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154. IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 a 10.0.6.1 e IBM Security Verify Access Docker 10.0.0.0 a 10.0.6.1) podría permitir que un usuario remoto inicie sesión en el servidor debido a una cuenta de usuario con una cuenta vacía contraseña. ID de IBM X-Force: 266154. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266154 https://www.ibm.com/support/pages/node/7106586 • CWE-258: Empty Password in Configuration File CWE-521: Weak Password Requirements •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-30999 – IBM Security Access Manager denial of service
https://notcve.org/view.php?id=CVE-2023-30999
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 254651. IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 a 10.0.6.1 e IBM Security Verify Access Docker 10.0.0.0 a 10.0.6.1) podría permitir que un atacante provoque una denegación de servicio debido al consumo incontrolado de recursos. ID de IBM X-Force: 254651. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254651 https://www.ibm.com/support/pages/node/7106586 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31005 – IBM Security Access Manager Container privilege escalation
https://notcve.org/view.php?id=CVE-2023-31005
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767. IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 a 10.0.6.1 e IBM Security Verify Access Docker 10.0.0.0 a 10.0.6.1) podría permitir a un usuario local escalar sus privilegios debido a una configuración de seguridad incorrecta. ID de IBM X-Force: 254767. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254767 https://www.ibm.com/support/pages/node/7106586 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-25927 – IBM Security Verify Access denial of service
https://notcve.org/view.php?id=CVE-2023-25927
IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247635 https://https://www.ibm.com/support/pages/node/6989653 https://www.ibm.com/support/pages/node/6989653?_ga=2.22490043.1644592052.1684753176-785517468.1677620719 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-36775 – IBM Security Verify Access HOST header injection
https://notcve.org/view.php?id=CVE-2022-36775
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233576 https://www.ibm.com/support/pages/node/6953617 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •