CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-25927 – IBM Security Verify Access denial of service
https://notcve.org/view.php?id=CVE-2023-25927
IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247635 https://https://www.ibm.com/support/pages/node/6989653 https://www.ibm.com/support/pages/node/6989653?_ga=2.22490043.1644592052.1684753176-785517468.1677620719 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-36775 – IBM Security Verify Access HOST header injection
https://notcve.org/view.php?id=CVE-2022-36775
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233576 https://www.ibm.com/support/pages/node/6953617 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22465
https://notcve.org/view.php?id=CVE-2022-22465
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082. IBM Security Access Manager Appliance versiones 10.0.0.0, 10.0.1.0, 10.0.2.0 y 10.0.3.0, podría permitir a un usuario local obtener altos privilegios debido a permisos de acceso inapropiados. IBM X-Force ID: 225082 • https://exchange.xforce.ibmcloud.com/vulnerabilities/225082 https://www.ibm.com/support/pages/node/6601729 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22464
https://notcve.org/view.php?id=CVE-2022-22464
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081. IBM Security Access Manager Appliance versiones 10.0.0.0, 10.0.1.0, 10.0.2.0 y 10.0.3.0, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 225081 • https://exchange.xforce.ibmcloud.com/vulnerabilities/225081 https://www.ibm.com/support/pages/node/6601729 • CWE-326: Inadequate Encryption Strength •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22463
https://notcve.org/view.php?id=CVE-2022-22463
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 225079. IBM Security Access Manager Appliance versiones 10.0.0.0, 10.0.1.0, 10.0.2.0 y 10.0.3.0 es vulnerable a una inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente diseñadas, lo que podría permitir al atacante visualizar, añadir, modificar o eliminar información en la base de datos del back-end. • https://exchange.xforce.ibmcloud.com/vulnerabilities/225079 https://www.ibm.com/support/pages/node/6601729 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •