Verify Gateway (IVG)
by IBM
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-4405 | 0.00 | — | 0.01 | Jul 27, 2020 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484. | |||
| CVE-2020-4400 | 0.00 | — | 0.02 | Jul 22, 2020 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478. | |||
| CVE-2020-4399 | 0.00 | — | 0.01 | Jul 22, 2020 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. IBM X-Force ID: 179476. | |||
| CVE-2020-4397 | 0.00 | — | 0.01 | Jul 22, 2020 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428. | |||
| CVE-2020-4385 | 0.00 | — | 0.01 | Jul 22, 2020 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 179266. | |||
| CVE-2020-4372 | 0.00 | — | 0.00 | Jul 22, 2020 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009 | |||
| CVE-2020-4371 | 0.00 | — | 0.00 | Jul 22, 2020 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008. | |||
| CVE-2020-4369 | 0.00 | — | 0.00 | Jul 22, 2020 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004. |
- CVE-2020-4405Jul 27, 2020risk 0.00cvss —epss 0.01
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484.
- CVE-2020-4400Jul 22, 2020risk 0.00cvss —epss 0.02
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478.
- CVE-2020-4399Jul 22, 2020risk 0.00cvss —epss 0.01
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. IBM X-Force ID: 179476.
- CVE-2020-4397Jul 22, 2020risk 0.00cvss —epss 0.01
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428.
- CVE-2020-4385Jul 22, 2020risk 0.00cvss —epss 0.01
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 179266.
- CVE-2020-4372Jul 22, 2020risk 0.00cvss —epss 0.00
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009
- CVE-2020-4371Jul 22, 2020risk 0.00cvss —epss 0.00
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008.
- CVE-2020-4369Jul 22, 2020risk 0.00cvss —epss 0.00
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004.