
CVE-2025-0161 – IBM Security Verify Access Appliance code injection
https://notcve.org/view.php?id=CVE-2025-0161
20 Feb 2025 — IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation. • https://www.ibm.com/support/pages/node/7183788 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-49814 – IBM Security Verify Access Appliance Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-49814
06 Feb 2025 — IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges. • https://www.ibm.com/support/pages/node/7182558 • CWE-250: Execution with Unnecessary Privileges •

CVE-2024-45657 – IBM Security Verify Access incorrect privilege assignment
https://notcve.org/view.php?id=CVE-2024-45657
04 Feb 2025 — IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment. • https://www.ibm.com/support/pages/node/7182386 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2024-35138 – IBM Security Verify Access cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-35138
04 Feb 2025 — IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. • https://www.ibm.com/support/pages/node/7182386 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-43187 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2024-43187
04 Feb 2025 — IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. • https://www.ibm.com/support/pages/node/7182386 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2024-45658 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2024-45658
04 Feb 2025 — IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7182386 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVE-2024-40700 – IBM Security Verify Access cross-site scripting
https://notcve.org/view.php?id=CVE-2024-40700
04 Feb 2025 — IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7182386 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-45659 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2024-45659
04 Feb 2025 — IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7182386 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVE-2024-45647 – IBM Security Verify Access unverified password change
https://notcve.org/view.php?id=CVE-2024-45647
20 Jan 2025 — IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow an unverified user to change the password of an expired user without prior knowledge of that password. • https://www.ibm.com/support/pages/node/7176212 • CWE-620: Unverified Password Change •

CVE-2024-49804 – IBM Security Verify Access Appliance privilege escalation
https://notcve.org/view.php?id=CVE-2024-49804
29 Nov 2024 — IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks. • https://www.ibm.com/support/pages/node/7177447 • CWE-250: Execution with Unnecessary Privileges •