CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-35133 – IBM Security Verify Access HTTP open redirect
https://notcve.org/view.php?id=CVE-2024-35133
IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. • https://github.com/Ozozuz/Ozozuz-IBM-Security-Verify-CVE-2024-35133 https://exchange.xforce.ibmcloud.com/vulnerabilities/291026 https://www.ibm.com/support/pages/node/7166712 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30430 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2023-30430
IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252183 https://www.ibm.com/support/pages/node/7158789 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31883 – IBM Security Verify Access denial of service
https://notcve.org/view.php?id=CVE-2024-31883
IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287615 https://www.ibm.com/support/pages/node/7158789 • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43017 – IBM Security Verify Access man in the middle
https://notcve.org/view.php?id=CVE-2023-43017
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155. IBM Security Verify Access 10.0.0.0 a 10.0.6.1 podría permitir a un usuario privilegiado instalar un archivo de configuración que podría permitir el acceso remoto. ID de IBM X-Force: 266155. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266155 https://www.ibm.com/support/pages/node/7106586 • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32330 – IBM Security Verify Access man in the middle
https://notcve.org/view.php?id=CVE-2023-32330
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977. IBM Security Verify Access 10.0.0.0 a 10.0.6.1 utiliza llamadas inseguras que podrían permitir que un atacante en la red tome el control del servidor. ID de IBM X-Force: 254977. IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254977 https://www.ibm.com/support/pages/node/7106586 • CWE-295: Improper Certificate Validation •