CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-25927 – IBM Security Verify Access denial of service
https://notcve.org/view.php?id=CVE-2023-25927
12 May 2023 — IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247635 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-36775 – IBM Security Verify Access HOST header injection
https://notcve.org/view.php?id=CVE-2022-36775
17 Feb 2023 — IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233576 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •