CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20411
https://notcve.org/view.php?id=CVE-2021-20411
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. IBM X-Force ID: 198191. IBM Security Verify Information Queue versiones 1.0.6 y 1.0.7, podría permitir a un usuario suplantar a otro usuario en el sistema debido a una actualización incorrecta del identificador de sesión. IBM X-Force ID: 198191 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196191 https://www.ibm.com/support/pages/node/6414777 • CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20410
https://notcve.org/view.php?id=CVE-2021-20410
IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190. IBM Security Verify Information Queue versiones 1.0.6 y 1.0.7, envía las credenciales de usuario en texto plano y sin cifrar que puede ser leído por un usuario autenticado utilizando técnicas de tipo man in the middle. IBM X-Force ID: 198190 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196190 https://www.ibm.com/support/pages/node/6414773 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20409 – IBM Security Verify Information Queue information disclosure
https://notcve.org/view.php?id=CVE-2021-20409
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 196188. IBM Security Verify Information Queue versiones 1.0.6 y 1.0.7, podría permitir a un atacante remoto obtener información confidencial, causada por el fallo al habilitar apropiadamente HTTP Strict Transport Security. Un atacante podría aprovechar esta vulnerabilidad para obtener información confidencial utilizando técnicas de tipo man in the middle. • https://exchange.xforce.ibmcloud.com/vulnerabilities/196188 https://www.ibm.com/support/pages/node/6414771 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20408
https://notcve.org/view.php?id=CVE-2021-20408
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187. IBM Security Verify Information Queue versiones 1.0.6 y 1.0.7, podría revelar información altamente confidencial a un usuario local debido al almacenamiento inapropiado de una clave criptográfica de texto plano. IBM X-Force ID: 198187 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196187 https://www.ibm.com/support/pages/node/6414767 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20407 – IBM Security Verify Information Queue information disclosure
https://notcve.org/view.php?id=CVE-2021-20407
IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 196185. IBM Security Verify Information Queue versiones 1.0.6 y 1.0.7, revela información confidencial en el código fuente que podría ser usada en futuros ataques contra el sistema. IBM X-Force ID: 198185 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196185 https://www.ibm.com/support/pages/node/6414765 • CWE-312: Cleartext Storage of Sensitive Information •