Vulnerabilities > IBM > Verify Gateway
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-27 | CVE-2020-4405 | Information Exposure Through Log Files vulnerability in IBM Verify Gateway 1.0.0/1.0.1 IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. | 4.3 |
| 2020-07-22 | CVE-2020-4400 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Verify Gateway 1.0.0/1.0.1 IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
| 2020-07-22 | CVE-2020-4399 | Unspecified vulnerability in IBM Verify Gateway 1.0.0/1.0.1 IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. | 6.5 |
| 2020-07-22 | CVE-2020-4397 | Cleartext Transmission of Sensitive Information vulnerability in IBM Verify Gateway 1.0.0/1.0.1 IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. | 5.9 |
| 2020-07-22 | CVE-2020-4385 | Use of Hard-coded Credentials vulnerability in IBM Verify Gateway 1.0.0/1.0.1 IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2020-07-22 | CVE-2020-4372 | Insufficiently Protected Credentials vulnerability in IBM Verify Gateway 1.0.0/1.0.1 IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. | 7.8 |
| 2020-07-22 | CVE-2020-4371 | Insecure Storage of Sensitive Information vulnerability in IBM Verify Gateway 1.0.0/1.0.1 IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. | 3.3 |
| 2020-07-22 | CVE-2020-4369 | Cleartext Storage of Sensitive Information vulnerability in IBM Verify Gateway 1.0.0/1.0.1 IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. | 5.5 |