Vulnerabilities > Docker

DATE CVE VULNERABILITY TITLE RISK
2021-07-15 CVE-2021-20496 Improper Input Validation vulnerability in multiple products
IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation.
network
low complexity
ibm docker CWE-20
4.0
2021-07-15 CVE-2021-20497 USE of A Broken OR Risky Cryptographic Algorithm vulnerability in multiple products
IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm docker CWE-327
5.0
2021-07-15 CVE-2021-20498 Information Exposure vulnerability in multiple products
IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requets that could be used in further attacks against the system.
network
low complexity
ibm docker CWE-200
5.0
2021-07-15 CVE-2021-20499 Information Exposure Through AN Error Message vulnerability in multiple products
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm docker CWE-209
4.0
2021-07-15 CVE-2021-20500 Exposure of Resource TO Wrong Sphere vulnerability in multiple products
IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user.
local
low complexity
ibm docker CWE-668
2.1
2021-07-15 CVE-2021-20510 Cleartext Storage of Sensitive Information vulnerability in multiple products
IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user.
local
low complexity
ibm docker CWE-312
2.1
2021-07-15 CVE-2021-20511 Path Traversal vulnerability in multiple products
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm docker CWE-22
6.8
2021-07-15 CVE-2021-20523 Information Exposure Through AN Error Message vulnerability in multiple products
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm docker CWE-209
4.0
2021-07-15 CVE-2021-20524 Cross-Site Scripting vulnerability in multiple products
IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting.
network
ibm docker CWE-79
3.5
2021-07-15 CVE-2021-20533 IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm docker
6.5