CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31001 – IBM Security Access Manager Container information disclosure
https://notcve.org/view.php?id=CVE-2023-31001
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653. IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 a 10.0.6.1 e IBM Security Verify Access Docker 10.0.6.1) almacena temporalmente información confidencial en archivos a los que un usuario local podría acceder. ID de IBM X-Force: 254653. IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254653 https://www.ibm.com/support/pages/node/7106586 • CWE-257: Storing Passwords in a Recoverable Format •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31003 – IBM Security Access Manager Container privilege escalation
https://notcve.org/view.php?id=CVE-2023-31003
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658. IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 a 10.0.6.1 e IBM Security Verify Access Docker 10.0.6.1) podría permitir que un usuario local obtenga acceso raíz debido a controles de acceso inadecuados. ID de IBM X-Force: 254658. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254658 https://www.ibm.com/support/pages/node/7106586 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43868 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2022-43868
IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system. IBM X-Force ID: 239445. IBM Security Verify Access OIDC Provider podría revelar información de directorio que podría ayudar a los atacantes en futuros ataques contra el sistema. ID de IBM X-Force: 239445. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239445 https://www.ibm.com/support/pages/node/7028513 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43740 – IBM Security Verify Access denial of service
https://notcve.org/view.php?id=CVE-2022-43740
IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 238921. El proveedor OIDC de IBM Security Verify Access podría permitir que un usuario remoto provoque una Denegación de Servicio (DoS) debido al consumo incontrolado de recursos. ID de IBM X-Force: 238921. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238921 https://www.ibm.com/support/pages/node/7028513 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30433 – IBM Security Verify Access HTTP open redirect
https://notcve.org/view.php?id=CVE-2023-30433
IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 252186. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252186 https://www.ibm.com/support/pages/node/7012613 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •