NotCVE - vendor:"Ibm" product:"Security Verify Access" version:" >= 10.0.0.0

Page 4 of 36 results (0.003 seconds)

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2021-38956

https://notcve.org/view.php?id=CVE-2021-38956

07 Jan 2022 — IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038 IBM Security Verify versiones 10.0.0, 10.0.1.0 y 10.0.2.0, podría revelar información confidencial sobre la versión en los encabezados de respuesta HTTP que podría ayudar a realizar más ataques contra el sistema. IBM X-Force ID: 212038 • https://exchange.xforce.ibmcloud.com/vulnerabilities/212038 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2021-38921

https://notcve.org/view.php?id=CVE-2021-38921

07 Jan 2022 — IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067. IBM Security Verify versiones 10.0.0, 10.0.1.0 y 10.0.2.0, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 210067 • https://exchange.xforce.ibmcloud.com/vulnerabilities/210067 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

CVE-2021-38895

https://notcve.org/view.php?id=CVE-2021-38895

07 Jan 2022 — IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563. IBM Security Verify versiones 10.0.0, 10.0.1.0 y 10.0.2.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interf... • https://exchange.xforce.ibmcloud.com/vulnerabilities/209563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2021-38894

https://notcve.org/view.php?id=CVE-2021-38894

07 Jan 2022 — IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515. IBM Security Verify versiones 10.0.0, 10.0.1.0 y 10.0.2.0, podría permitir a un atacante remoto conseguir información confidencial cuando es devuelto un mensaje de error técnico detallado en el navegador. Esta información podría ser usad... • https://exchange.xforce.ibmcloud.com/vulnerabilities/209515 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-4499

https://notcve.org/view.php?id=CVE-2020-4499

15 Oct 2020 — IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216. IBM Security Access Manager versión 9.0.7 e IBM Security Verify Access versión 10.0.0, podrían permitir a un cliente Oauth público no autorizado omitir algunas o todas las comprobaciones de autenticación y conseguir acceso a las aplicaciones. IBM X-Force ID: 182216 • https://exchange.xforce.ibmcloud.com/vulnerabilities/182216 •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2019-4552

https://notcve.org/view.php?id=CVE-2019-4552

15 Oct 2020 — IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960. IBM Security Access Manager versión 9.0.7 e IBM Security Veri... • https://exchange.xforce.ibmcloud.com/vulnerabilities/165960 •

1 2 3 4