Vulnerabilities > IBM > Security Verify Access > 10.0.2.0

DATE CVE VULNERABILITY TITLE RISK
2024-02-03 CVE-2023-32329 Unspecified vulnerability in IBM products
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation.
local
low complexity
ibm
5.5
5.5
2024-02-03 CVE-2023-43016 Weak Password Requirements vulnerability in IBM products
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password.
network
low complexity
ibm CWE-521
7.3
7.3
2023-02-17 CVE-2022-36775 Injection vulnerability in IBM products
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-74
6.5
6.5
2022-07-08 CVE-2022-22370 Cross-site Scripting vulnerability in IBM Security Verify Access
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2022-07-08 CVE-2022-22463 SQL Injection vulnerability in IBM Security Verify Access
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
6.5
6.5
2022-07-08 CVE-2022-22464 Inadequate Encryption Strength vulnerability in IBM Security Verify Access
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
7.5
2022-07-08 CVE-2022-22465 Unspecified vulnerability in IBM Security Verify Access
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions.
local
low complexity
ibm
7.8
7.8
2022-02-02 CVE-2021-39070 Unspecified vulnerability in IBM products
IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system.
network
low complexity
ibm
critical
 9.8
9.8
2022-01-10 CVE-2021-38894 Information Exposure Through an Error Message vulnerability in IBM Security Verify Access 10.0.0/10.0.1.0/10.0.2.0
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
2.7
2.7
2022-01-10 CVE-2021-38895 Cross-site Scripting vulnerability in IBM Security Verify Access 10.0.0/10.0.1.0/10.0.2.0
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4