Vulnerabilities > IBM > Security Verify Information Queue

DATE CVE VULNERABILITY TITLE RISK
2021-02-12 CVE-2021-20411 Incorrect Resource Transfer Between Spheres vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier.
low complexity
ibm CWE-669
8.1
2021-02-12 CVE-2021-20410 Insufficiently Protected Credentials vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques.
network
high complexity
ibm CWE-522
5.3
2021-02-12 CVE-2021-20409 Cleartext Transmission of Sensitive Information vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
low complexity
ibm CWE-319
7.5
2021-02-12 CVE-2021-20408 Cleartext Storage of Sensitive Information vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key.
local
low complexity
ibm CWE-312
5.5
2021-02-12 CVE-2021-20407 Cleartext Storage of Sensitive Information vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system.
network
low complexity
ibm CWE-312
7.5
2021-02-12 CVE-2021-20406 Unspecified vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm
4.9
2021-02-11 CVE-2021-20405 Improper Encoding or Escaping of Output vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output.
network
low complexity
ibm CWE-116
7.5
2021-02-11 CVE-2021-20404 Unspecified vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a denial of service due to an invalid cookie value that could prevent future logins.
network
low complexity
ibm
5.3
2021-02-11 CVE-2021-20403 Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2021-02-11 CVE-2021-20402 Information Exposure Through an Error Message vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
2.7