ReportizFlow
Filtered by vendor Ibm
Subscriptions
Filtered by product Security Verify Access
Subscriptions
Total
78 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0163 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-08-13 | 5.3 Medium |
| IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts. | ||||
| CVE-2025-0161 | 1 Ibm | 1 Security Verify Access | 2025-08-11 | 7.8 High |
| IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation. | ||||
| CVE-2024-45658 | 1 Ibm | 1 Security Verify Access | 2025-08-08 | 2.7 Low |
| IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||||
| CVE-2024-49814 | 1 Ibm | 1 Security Verify Access | 2025-08-08 | 7.8 High |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges. | ||||
| CVE-2024-45657 | 1 Ibm | 2 Security Verify Access, Verify Identity Access | 2025-08-05 | 5 Medium |
| IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment. | ||||
| CVE-2024-43187 | 1 Ibm | 2 Security Verify Access, Verify Identity Access | 2025-08-05 | 5.9 Medium |
| IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. | ||||
| CVE-2024-40700 | 1 Ibm | 2 Security Verify Access, Verify Identity Access | 2025-08-05 | 6.1 Medium |
| IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-45659 | 1 Ibm | 2 Security Verify Access, Verify Identity Access | 2025-08-05 | 5.3 Medium |
| IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||||
| CVE-2024-35138 | 1 Ibm | 1 Security Verify Access | 2025-07-24 | 6.5 Medium |
| IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2023-32328 | 1 Ibm | 1 Security Verify Access | 2025-06-18 | 7.5 High |
| IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957. | ||||
| CVE-2023-31005 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-06-18 | 6.2 Medium |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767. | ||||
| CVE-2023-31003 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-06-18 | 8.4 High |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658. | ||||
| CVE-2024-56343 | 1 Ibm | 1 Security Verify Access | 2025-06-09 | 4.3 Medium |
| IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request. | ||||
| CVE-2024-56342 | 1 Ibm | 1 Security Verify Access | 2025-06-06 | 4.3 Medium |
| IBM Verify Identity Access Digital Credentials 24.06 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||
| CVE-2023-31001 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-06-03 | 5.1 Medium |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653. | ||||
| CVE-2023-31004 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-05-15 | 8.3 High |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques. IBM X-Force ID: 254765. | ||||
| CVE-2023-43017 | 1 Ibm | 1 Security Verify Access | 2025-05-15 | 8.2 High |
| IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155. | ||||
| CVE-2022-36775 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-03-12 | 6.5 Medium |
| IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576. | ||||
| CVE-2024-49806 | 1 Ibm | 1 Security Verify Access | 2025-01-30 | 9.4 Critical |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | ||||
| CVE-2024-49805 | 1 Ibm | 1 Security Verify Access | 2025-01-30 | 9.4 Critical |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | ||||