CVE-2024-45657 – IBM Security Verify Access incorrect privilege assignment
https://notcve.org/view.php?id=CVE-2024-45657
04 Feb 2025 — IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment. • https://www.ibm.com/support/pages/node/7182386 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2024-35138 – IBM Security Verify Access cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-35138
04 Feb 2025 — IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. • https://www.ibm.com/support/pages/node/7182386 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-43187 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2024-43187
04 Feb 2025 — IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. • https://www.ibm.com/support/pages/node/7182386 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2024-45658 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2024-45658
04 Feb 2025 — IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7182386 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2024-40700 – IBM Security Verify Access cross-site scripting
https://notcve.org/view.php?id=CVE-2024-40700
04 Feb 2025 — IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7182386 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-45659 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2024-45659
04 Feb 2025 — IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7182386 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2024-28787 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2024-28787
04 Apr 2024 — IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584. • https://exchange.xforce.ibmcloud.com/vulnerabilities/286584 • CWE-650: Trusting HTTP Permission Methods on the Server Side •