VYPR

Security Verify Access

by IBM

CVEs (103)

  • CVE-2025-0161Feb 20, 2025
    risk 0.00cvss epss 0.00

    IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation.

  • CVE-2024-49814Feb 6, 2025
    risk 0.00cvss epss 0.00

    IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges.

  • CVE-2024-45657Feb 4, 2025
    risk 0.00cvss epss 0.00

    IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.

  • CVE-2024-35138Feb 4, 2025
    risk 0.00cvss epss 0.00

    IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

  • CVE-2024-43187Feb 4, 2025
    risk 0.00cvss epss 0.00

    IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

  • CVE-2024-45658Feb 4, 2025
    risk 0.00cvss epss 0.00

    IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

  • CVE-2024-40700Feb 4, 2025
    risk 0.00cvss epss 0.00

    IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to…

  • CVE-2024-45659Feb 4, 2025
    risk 0.00cvss epss 0.00

    IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

  • CVE-2024-45647Jan 20, 2025
    risk 0.00cvss epss 0.00

    IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password.

  • CVE-2024-35141Dec 19, 2024
    risk 0.00cvss epss 0.00

    IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges.

  • CVE-2024-49804Nov 29, 2024
    risk 0.00cvss epss 0.00

    IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks.

  • CVE-2024-49806Nov 29, 2024
    risk 0.00cvss epss 0.00

    IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

  • CVE-2024-49805Nov 29, 2024
    risk 0.00cvss epss 0.00

    IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

  • CVE-2024-49803Nov 29, 2024
    risk 0.00cvss epss 0.01

    IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

  • CVE-2024-35139Jun 28, 2024
    risk 0.00cvss epss 0.00

    IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415.

  • CVE-2024-35137Jun 28, 2024
    risk 0.00cvss epss 0.00

    IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413.

  • CVE-2023-30430Jun 27, 2024
    risk 0.00cvss epss 0.00

    IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183.

  • CVE-2024-31883Jun 27, 2024
    risk 0.00cvss epss 0.01

    IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615.

  • CVE-2024-35142May 31, 2024
    risk 0.00cvss epss 0.00

    IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. IBM X-Force ID: 292418.

  • CVE-2024-35140May 31, 2024
    risk 0.00cvss epss 0.00

    IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. IBM X-Force ID: 292416.

Page 2 of 6