CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38370 – IBM Security Access Manager Docker information disclosure
https://notcve.org/view.php?id=CVE-2023-38370
27 Jun 2024 — IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197. IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities... • https://packetstorm.news/files/id/182466 • CWE-276: Incorrect Default Permissions •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38368 – IBM Security Access Manager Docker information disclosure
https://notcve.org/view.php?id=CVE-2023-38368
27 Jun 2024 — IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: 261195. IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://packetstorm.news/files/id/182466 • CWE-276: Incorrect Default Permissions CWE-863: Incorrect Authorization •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30997 – IBM Security Access Manager Docker privilege escalation
https://notcve.org/view.php?id=CVE-2023-30997
27 Jun 2024 — IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638. IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://packetstorm.news/files/id/182466 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30998 – IBM Security Access Manager Docker privilege escalation
https://notcve.org/view.php?id=CVE-2023-30998
27 Jun 2024 — IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649. IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://packetstorm.news/files/id/182466 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38371 – IBM Security Access Manager Docker information disclosure
https://notcve.org/view.php?id=CVE-2023-38371
27 Jun 2024 — IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 261198. • https://exchange.xforce.ibmcloud.com/vulnerabilities/261198 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38369 – IBM Security Access Manager Container information disclosure
https://notcve.org/view.php?id=CVE-2023-38369
07 Feb 2024 — IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196. IBM Security Access Manager Container 10.0.0.0 a 10.0.6.1 no requiere que las imágenes de Docker tengan contraseñas seguras de forma predeterminada, lo que facilita que los atacantes comprometan las cuentas de usuario. ID de IBM X-Force: 261196. IBM Security Verify Access versions ... • https://packetstorm.news/files/id/182466 • CWE-521: Weak Password Requirements •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31002 – IBM Security Access Manager Container information disclosure
https://notcve.org/view.php?id=CVE-2023-31002
07 Feb 2024 — IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657. IBM Security Access Manager Container 10.0.0.0 a 10.0.6.1 almacena temporalmente información confidencial en archivos a los que podría acceder un usuario local. ID de IBM X-Force: 254657. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254657 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20439
https://notcve.org/view.php?id=CVE-2021-20439
15 Jul 2021 — IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user. IBM Security Access Manager versión 9.0 e IBM Security Verify Access Docker versión 10.0.0, almacenan las credenciales de usuario en texto sin cifrar que puede ser leído por un usuario no autorizado • https://exchange.xforce.ibmcloud.com/vulnerabilities/196453 • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4499
https://notcve.org/view.php?id=CVE-2020-4499
15 Oct 2020 — IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216. IBM Security Access Manager versión 9.0.7 e IBM Security Verify Access versión 10.0.0, podrían permitir a un cliente Oauth público no autorizado omitir algunas o todas las comprobaciones de autenticación y conseguir acceso a las aplicaciones. IBM X-Force ID: 182216 • https://exchange.xforce.ibmcloud.com/vulnerabilities/182216 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4552
https://notcve.org/view.php?id=CVE-2019-4552
15 Oct 2020 — IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960. IBM Security Access Manager versión 9.0.7 e IBM Security Veri... • https://exchange.xforce.ibmcloud.com/vulnerabilities/165960 •