Vulnerabilities > IBM > Security Verify Information Queue > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-31 | CVE-2023-33835 | Information Exposure Through an Error Message vulnerability in IBM Security Verify Information Queue 10.0.4/10.0.5 IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. | 7.5 |
| 2022-07-26 | CVE-2022-35286 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Verify Information Queue 10.0.2 IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2022-07-25 | CVE-2022-35284 | Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Security Verify Information Queue 10.0.2 IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. | 7.5 |
| 2022-07-25 | CVE-2022-35285 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Verify Information Queue 10.0.2 IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2022-07-25 | CVE-2022-35287 | Use of Hard-coded Credentials vulnerability in IBM Security Verify Information Queue 10.0.2 IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |
| 2021-02-12 | CVE-2021-20412 | Use of Hard-coded Credentials vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |
| 2021-02-12 | CVE-2021-20411 | Incorrect Resource Transfer Between Spheres vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. | 8.1 |
| 2021-02-12 | CVE-2021-20409 | Cleartext Transmission of Sensitive Information vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 7.5 |
| 2021-02-12 | CVE-2021-20407 | Cleartext Storage of Sensitive Information vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. | 7.5 |
| 2021-02-11 | CVE-2021-20405 | Improper Encoding or Escaping of Output vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. | 7.5 |