Show filters
34 Total Results
Displaying 11-20 of 34
Sort by:
Attacker Value
Unknown
CVE-2021-39070
Disclosure Date: January 31, 2022 (last updated October 07, 2023)
IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353.
0
Attacker Value
Unknown
CVE-2021-38957
Disclosure Date: January 10, 2022 (last updated October 07, 2023)
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040.
0
Attacker Value
Unknown
CVE-2021-38956
Disclosure Date: January 10, 2022 (last updated October 07, 2023)
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038
0
Attacker Value
Unknown
CVE-2021-38921
Disclosure Date: January 10, 2022 (last updated October 07, 2023)
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067.
0
Attacker Value
Unknown
CVE-2021-38895
Disclosure Date: January 10, 2022 (last updated October 07, 2023)
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563.
0
Attacker Value
Unknown
CVE-2021-38894
Disclosure Date: January 10, 2022 (last updated October 07, 2023)
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515.
0
Attacker Value
Unknown
CVE-2021-20534
Disclosure Date: July 13, 2021 (last updated November 28, 2024)
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814
0
Attacker Value
Unknown
CVE-2021-20498
Disclosure Date: July 13, 2021 (last updated November 28, 2024)
IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972.
0
Attacker Value
Unknown
CVE-2021-20500
Disclosure Date: July 13, 2021 (last updated November 28, 2024)
IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980.
0
Attacker Value
Unknown
CVE-2021-20537
Disclosure Date: July 13, 2021 (last updated November 28, 2024)
IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:198918
0
