Vulnerabilities > IBM > Security Verify Access
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-03 | CVE-2023-31004 | Man-in-the-Middle vulnerability in IBM products IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques. | 9.0 |
| 2024-02-03 | CVE-2023-31005 | Improper Privilege Management vulnerability in IBM products IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. | 7.8 |
| 2024-02-03 | CVE-2023-31006 | Unspecified vulnerability in IBM products IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to a denial of service attacks on the DSC server. | 7.5 |
| 2024-02-03 | CVE-2023-32327 | XXE vulnerability in IBM products IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2024-02-03 | CVE-2023-32329 | Insufficient Verification of Data Authenticity vulnerability in IBM products IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation. | 5.5 |
| 2024-02-03 | CVE-2023-43016 | Weak Password Requirements vulnerability in IBM products IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. | 7.3 |
| 2024-01-11 | CVE-2023-31001 | Storing Passwords in a Recoverable Format vulnerability in IBM products IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. | 5.5 |
| 2024-01-11 | CVE-2023-31003 | Link Following vulnerability in IBM products IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. | 7.8 |
| 2024-01-11 | CVE-2023-38267 | Missing Encryption of Sensitive Data vulnerability in IBM products IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. | 5.5 |
| 2023-07-19 | CVE-2023-30433 | Open Redirect vulnerability in IBM Security Verify Access 10.0.0 IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.4 |