Vulnerabilities > IBM > Security Verify Access > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-29 | CVE-2024-49803 | OS Command Injection vulnerability in IBM Security Verify Access IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
| 2024-11-29 | CVE-2024-49804 | Unspecified vulnerability in IBM Security Verify Access IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks. | 7.8 |
| 2024-08-29 | CVE-2024-35133 | Open Redirect vulnerability in IBM products IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. | 8.2 |
| 2024-07-25 | CVE-2022-32759 | Unspecified vulnerability in IBM products IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. | 7.5 |
| 2024-04-10 | CVE-2024-31871 | Unspecified vulnerability in IBM Security Verify Access IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. | 8.1 |
| 2024-04-10 | CVE-2024-31872 | Unspecified vulnerability in IBM Security Verify Access IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. | 8.1 |
| 2024-04-10 | CVE-2024-31873 | Unspecified vulnerability in IBM Security Verify Access IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. | 7.5 |
| 2024-02-07 | CVE-2023-43017 | Unspecified vulnerability in IBM Security Verify Access IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. | 7.2 |
| 2024-02-03 | CVE-2023-30999 | Unspecified vulnerability in IBM products IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. | 7.5 |
| 2024-02-03 | CVE-2023-31005 | Unspecified vulnerability in IBM products IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. | 7.8 |