Vulnerabilities > IBM > Security Verify Privilege ON Premises
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-17 | CVE-2022-43891 | Information Exposure Through an Error Message vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2023-10-17 | CVE-2022-43892 | Improper Certificate Validation vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 does not validate, or incorrectly validates, a certificate which could disclose sensitive information which could aid further attacks against the system. | 5.3 |
| 2023-10-17 | CVE-2021-20581 | Insufficient Session Expiration vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain sensitive information due to insufficient session expiration. | 4.3 |
| 2023-10-17 | CVE-2021-29913 | Improper Input Validation vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premise 11.5 could allow an authenticated user to obtain sensitive information or perform unauthorized actions due to improper input validation. | 7.1 |
| 2023-10-17 | CVE-2021-38859 | Unspecified vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain version number information using a specially crafted HTTP request that could be used in further attacks against the system. | 5.3 |
| 2023-10-17 | CVE-2022-22375 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
| 2023-10-17 | CVE-2022-22380 | Improper Certificate Validation vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to spoof a trusted entity due to improperly validating certificates. | 4.3 |
| 2023-10-17 | CVE-2022-22385 | Cleartext Transmission of Sensitive Information vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information to an attacked due to the transmission of data in clear text. | 7.5 |
| 2023-10-17 | CVE-2022-22386 | Missing Encryption of Sensitive Data vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2023-10-17 | CVE-2022-43889 | Unspecified vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. | 5.3 |