Page 4 of 31 results (0.004 seconds)

CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0

IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233576 https://www.ibm.com/support/pages/node/6953617 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353. IBM Security Verify Access versiones 10.0.0.0, 10.0.1.0 y 10.0.2.0, con el servicio de autenticación de control de acceso avanzado habilitado podría permitir a un atacante autenticarse como cualquier usuario del sistema. IBM X-Force ID: 215353 • https://exchange.xforce.ibmcloud.com/vulnerabilities/215353 https://www.ibm.com/support/pages/node/6552318 •

CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0

IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483. IBM Security Verify Access Docker versión 10.0.0, podría permitir a un usuario hacerse pasar por otro en el sistema. IBM X-Force ID: 201483 • https://exchange.xforce.ibmcloud.com/vulnerabilities/201483 https://www.ibm.com/support/pages/node/6471895 •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600. IBM Security Verify Access Docker versión 10.0.0, podría permitir a un usuario privilegiado remotos cargar archivos arbitrarios con un tipo de archivo peligroso que podría ser ejecutado por un usuario. IBM X-Force ID: 200600 • https://exchange.xforce.ibmcloud.com/vulnerabilities/200600 https://www.ibm.com/support/pages/node/6471895 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:198918 IBM Security Verify Access Docker versión 10.0.0, contiene credenciales embebidas, como una contraseña o una clave criptográfica, que usa para su propia autenticación de entrada, la comunicación de salida a componentes externos o el cifrado de datos internos. IBM X-Force ID:198918 • https://exchange.xforce.ibmcloud.com/vulnerabilities/198918 https://www.ibm.com/support/pages/node/6471895 • CWE-798: Use of Hard-coded Credentials •