
CVE-2021-20496
https://notcve.org/view.php?id=CVE-2021-20496
15 Jul 2021 — IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966. • https://exchange.xforce.ibmcloud.com/vulnerabilities/197966 • CWE-20: Improper Input Validation

CVE-2021-20439
https://notcve.org/view.php?id=CVE-2021-20439
15 Jul 2021 — IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user. • https://exchange.xforce.ibmcloud.com/vulnerabilities/196453 • CWE-522: Insufficiently Protected Credentials

CVE-2021-29665
https://notcve.org/view.php?id=CVE-2021-29665
31 May 2021 — IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges. • https://exchange.xforce.ibmcloud.com/vulnerabilities/199399 • CWE-787: Out-of-bounds Write

CVE-2021-20585
https://notcve.org/view.php?id=CVE-2021-20585
31 May 2021 — IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398. • https://exchange.xforce.ibmcloud.com/vulnerabilities/199398 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2021-20576
https://notcve.org/view.php?id=CVE-2021-20576
31 May 2021 — IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. • https://exchange.xforce.ibmcloud.com/vulnerabilities/199280

CVE-2021-20575
https://notcve.org/view.php?id=CVE-2021-20575
31 May 2021 — IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278. • https://exchange.xforce.ibmcloud.com/vulnerabilities/199278 • CWE-922: Insecure Storage of Sensitive Information

CVE-2020-4499
https://notcve.org/view.php?id=CVE-2020-4499
15 Oct 2020 — IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public OAuth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216. • https://exchange.xforce.ibmcloud.com/vulnerabilities/182216

CVE-2019-4552
https://notcve.org/view.php?id=CVE-2019-4552
15 Oct 2020 — IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response once the URL is clicked. This would allow the attacker to perform further attacks, such as web cache poisoning and cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165960

CVE-2020-4699
https://notcve.org/view.php?id=CVE-2020-4699
12 Oct 2020 — IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186947 • CWE-203: Observable Discrepancy

CVE-2020-4661
https://notcve.org/view.php?id=CVE-2020-4661
12 Oct 2020 — IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186142 • CWE-203: Observable Discrepancy