CPE Details
IBM Security Verify Access 10.0.7
10.0.7
2025-04-03
17h06 +00:00
17h06 +00:00
2025-04-03
17h06 +00:00
17h06 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:ibm:security_verify_access:10.0.7:*:*:*:*:*:*:*
Informations
Vendor
ibmProduct
security_verify_accessVersion
10.0.7Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password. | 9.8 |
Critique |
||
| IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks. | 7.8 |
Haute |
||
| IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
Critique |
||
| IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
Critique |
||
| IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 9.8 |
Critique |
||
| IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | 8.2 |
Haute |
||
| IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183. | 5.5 |
Moyen |
||
| IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615. | 5.9 |
Moyen |
||
| IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318. | 6.2 |
Moyen |
||
| IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317. | 7.5 |
Haute |
||
| IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306. | 8.1 |
Haute |
||
| IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316. | 8.1 |
Haute |
