CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31003 – IBM Security Access Manager Container privilege escalation
https://notcve.org/view.php?id=CVE-2023-31003
11 Jan 2024 — IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658. IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 a 10.0.6.1 e IBM Security Verify Access Docker 10.0.6.1) podría permitir que un usuario local obtenga acceso raíz debido a controles de acceso inadecuados. ID de IBM X-Force... • https://exchange.xforce.ibmcloud.com/vulnerabilities/254658 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43868 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2022-43868
14 Oct 2023 — IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system. IBM X-Force ID: 239445. IBM Security Verify Access OIDC Provider podría revelar información de directorio que podría ayudar a los atacantes en futuros ataques contra el sistema. ID de IBM X-Force: 239445. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239445 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43740 – IBM Security Verify Access denial of service
https://notcve.org/view.php?id=CVE-2022-43740
14 Oct 2023 — IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 238921. El proveedor OIDC de IBM Security Verify Access podría permitir que un usuario remoto provoque una Denegación de Servicio (DoS) debido al consumo incontrolado de recursos. ID de IBM X-Force: 238921. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238921 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30433 – IBM Security Verify Access HTTP open redirect
https://notcve.org/view.php?id=CVE-2023-30433
19 Jul 2023 — IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 252186. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252186 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-25927 – IBM Security Verify Access denial of service
https://notcve.org/view.php?id=CVE-2023-25927
12 May 2023 — IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247635 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-36775 – IBM Security Verify Access HOST header injection
https://notcve.org/view.php?id=CVE-2022-36775
17 Feb 2023 — IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233576 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22465
https://notcve.org/view.php?id=CVE-2022-22465
08 Jul 2022 — IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082. IBM Security Access Manager Appliance versiones 10.0.0.0, 10.0.1.0, 10.0.2.0 y 10.0.3.0, podría permitir a un usuario local obtener altos privilegios debido a permisos de acceso inapropiados. IBM X-Force ID: 225082 • https://exchange.xforce.ibmcloud.com/vulnerabilities/225082 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22464
https://notcve.org/view.php?id=CVE-2022-22464
08 Jul 2022 — IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081. IBM Security Access Manager Appliance versiones 10.0.0.0, 10.0.1.0, 10.0.2.0 y 10.0.3.0, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 225081 • https://exchange.xforce.ibmcloud.com/vulnerabilities/225081 • CWE-326: Inadequate Encryption Strength •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22463
https://notcve.org/view.php?id=CVE-2022-22463
08 Jul 2022 — IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 225079. IBM Security Access Manager Appliance versiones 10.0.0.0, 10.0.1.0, 10.0.2.0 y 10.0.3.0 es vulnerable a una inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente diseñadas, lo que podría pe... • https://exchange.xforce.ibmcloud.com/vulnerabilities/225079 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22370
https://notcve.org/view.php?id=CVE-2022-22370
08 Jul 2022 — IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221194. IBM Security Verify Access versiones 10.0.0.0, 10.0.1.0, 10.0.2.0 y 10.0.3.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar cód... • https://exchange.xforce.ibmcloud.com/vulnerabilities/221194 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •