Vulnerabilities > IBM > Security Verify Access
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-29 | CVE-2024-35133 | Open Redirect vulnerability in IBM products. IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. | 8.2 |
2024-07-25 | CVE-2022-32759 | Insufficient Session Expiration vulnerability in IBM products. IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. | 7.5 |
2024-07-25 | CVE-2024-28772 | Cross-site Scripting vulnerability in IBM products. IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. | 5.4 |
2024-06-27 | CVE-2023-30430 | Information Exposure Through Log Files vulnerability in IBM Security Verify Access. IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. | 5.5 |
2024-06-27 | CVE-2024-31883 | Unspecified vulnerability in IBM Security Verify Access. IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. | 5.9 |
2024-03-31 | CVE-2024-25027 | Missing Encryption of Sensitive Data vulnerability in IBM Security Verify Access 10.0.6. IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. | 5.5 |
2024-02-07 | CVE-2023-32328 | Cleartext Transmission of Sensitive Information vulnerability in IBM Security Verify Access. IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. | 9.8 |
2024-02-07 | CVE-2023-32330 | Improper Certificate Validation vulnerability in IBM Security Verify Access. IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. | 9.8 |
2024-02-07 | CVE-2023-43017 | Improper Certificate Validation vulnerability in IBM Security Verify Access. IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. | 7.2 |
2024-02-03 | CVE-2023-30999 | Resource Exhaustion vulnerability in IBM products. IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. | 7.5 |