cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-45657,https://securityvulnerability.io/vulnerability/CVE-2024-45657,Local Privilege Escalation in IBM Security Verify Access Appliance and Container,"A security flaw in IBM Security Verify Access Appliance and Container versions 10.0.0 to 10.0.8 could permit a local privileged user to execute unauthorized operations due to improperly assigned permissions. This misconfiguration allows exploitation of the system’s privileges, potentially leading to unforeseen security risks.",IBM,"Security Verify Access Appliance,Security Verify Access Container",5,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T20:40:08.652Z,0
CVE-2024-35138,https://securityvulnerability.io/vulnerability/CVE-2024-35138,Cross-Site Request Forgery Vulnerability in IBM Security Verify Access Appliance,"The IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 are susceptible to a cross-site request forgery attack. This vulnerability allows an attacker to perform unauthorized actions by exploiting the trust of the victim’s browser against the legitimate website. If the victim is authenticated on the site, the attacker can transmit malicious requests, leading to potential unauthorized changes and actions within the application.",IBM,"Security Verify Access Appliance,Security Verify Access Container",6.5,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T20:38:34.306Z,0
CVE-2024-43187,https://securityvulnerability.io/vulnerability/CVE-2024-43187,Sensitive Data Transmission Flaw in IBM Security Verify Access Appliance and Container,"The IBM Security Verify Access Appliance and Container versions 10.0.0 to 10.0.8 are exposed to a vulnerability that allows sensitive or security-critical data to be transmitted unencrypted. This flaw compromises the integrity of data being communicated, making it susceptible to interception by unauthorized actors over the network. It is essential for organizations using these products to implement secured communication protocols to mitigate the risk associated with this vulnerability.",IBM,"Security Verify Access Appliance,Security Verify Access Container",5.9,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T20:37:49.166Z,0
CVE-2024-45658,https://securityvulnerability.io/vulnerability/CVE-2024-45658,Information Disclosure Vulnerability in IBM Security Verify Access,"A vulnerability exists in the IBM Security Verify Access Appliance and Container, specifically affecting versions 10.0.0 through 10.0.8. This issue can allow a remote attacker to gain unauthorized access to sensitive information if a detailed technical error message is returned by the system. The exposed information could potentially be leveraged for further attacks, making it crucial for users to address this issue promptly to safeguard their systems.",IBM,"Security Verify Access Appliance,Security Verify Access Container",2.7,LOW,0.01,false,,false,false,false,,false,false,false,,2025-02-04T20:37:13.537Z,0
CVE-2024-40700,https://securityvulnerability.io/vulnerability/CVE-2024-40700,Cross-Site Scripting Vulnerability in IBM Security Verify Access Appliance and Container,"IBM Security Verify Access Appliances and Containers versions 10.0.0 through 10.0.8 are susceptible to a Cross-Site Scripting (XSS) flaw, which permits unauthenticated attackers to inject arbitrary JavaScript code into the web user interface. This exploitation can alter the intended functionality of the application and may result in unauthorized disclosure of user credentials during an active session, posing a significant security risk to users.",IBM,"Security Verify Access Appliance,Security Verify Access Container",6.1,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T20:36:10.138Z,0
CVE-2024-45659,https://securityvulnerability.io/vulnerability/CVE-2024-45659,Information Disclosure Vulnerability in IBM Security Verify Access Appliance and Container,"IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 are susceptible to an information disclosure vulnerability. A remote attacker could exploit this issue by triggering a detailed technical error message, potentially exposing sensitive information that could facilitate subsequent attacks against the system. It is crucial for users of the affected products to apply necessary patches or updates as advised by the vendor to mitigate this risk.",IBM,"Security Verify Access Appliance,Security Verify Access Container",5.3,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T17:34:12.764Z,0
CVE-2024-45647,https://securityvulnerability.io/vulnerability/CVE-2024-45647,Password Modification Vulnerability in IBM Security Verify Access,"A vulnerability exists in IBM Security Verify Access versions 10.0.0 through 10.0.8, including the Docker version. This flaw allows an unverified user to change the password of an expired user account without needing to know the original password, enabling unauthorized access to sensitive information and resources.",IBM,"Security Verify Access,Security Verify Access Docker",9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-20T14:50:54.184Z,0
CVE-2024-35141,https://securityvulnerability.io/vulnerability/CVE-2024-35141,Local Privilege Escalation Vulnerability in IBM Security Verify Access Docker,"CVE-2024-35141 is a local privilege escalation vulnerability found in IBM Security Verify Access Docker versions 10.0.0 through 10.0.6. This vulnerability arises from inadequate execution permissions that may allow a local user to gain elevated privileges. This could potentially enable attackers to execute unauthorized actions on the system, posing significant security risks. It is crucial for organizations utilizing affected versions to implement the necessary patches and updates as recommended by IBM to mitigate this vulnerability. For more information, refer to the vendor advisory at IBM's support page.",IBM,Security Verify Access Docker,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T01:10:05.711Z,0
CVE-2024-49804,https://securityvulnerability.io/vulnerability/CVE-2024-49804,Potential Privilege Escalation Vulnerability in Security Verify Access Appliance,"A vulnerability exists in IBM Security Verify Access Appliance, impacting versions 10.0.0 through 10.0.8. This flaw enables a locally authenticated non-administrative user to escalate their privileges by exploiting unnecessary permissions assigned to specific tasks. As a result, the integrity and security of system operations could be compromised. Immediate action is recommended to mitigate potential risks associated with this vulnerability. For details and updates, refer to the official IBM support page.",IBM,Security Verify Access,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-29T16:55:32.323Z,0
CVE-2024-49806,https://securityvulnerability.io/vulnerability/CVE-2024-49806,Hard-coded credentials expose IBM Security Verify Access Appliance to potential security risks,"The IBM Security Verify Access Appliance versions 10.0.0 through 10.0.8 contain a vulnerability caused by hard-coded credentials, including passwords or cryptographic keys. These credentials are utilized for various critical functions, such as inbound authentication, outbound communication with external components, and encryption of internal data. This security flaw poses a significant risk, as attackers may exploit the hard-coded credentials to gain unauthorized access to the system, potentially leading to data breaches or manipulation.",IBM,Security Verify Access,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-11-29T16:53:45.208Z,0
CVE-2024-49805,https://securityvulnerability.io/vulnerability/CVE-2024-49805,IBM Security Verify Access Appliance Hard-Coded Credentials Vulnerability,"The vulnerability in IBM Security Verify Access Appliance allows for the presence of hard-coded credentials that may be exploited to compromise the system. Specifically, this weakness affects versions ranging from 10.0.0 to 10.0.8, where hard-coded credentials reduce the security integrity of inbound authentication processes and outbound communications. Additionally, the embedded credentials can jeopardize the encryption of internal data, posing potential risks to the confidentiality and integrity of sensitive information.",IBM,Security Verify Access,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-11-29T16:52:15.174Z,0
CVE-2024-49803,https://securityvulnerability.io/vulnerability/CVE-2024-49803,Remote Command Execution Vulnerability Affects IBM Security Verify Access Appliance,"IBM Security Verify Access Appliance versions 10.0.0 through 10.0.8 are susceptible to a vulnerability that allows a remote authenticated attacker to execute arbitrary commands on the system. This occurs through the submission of specially crafted requests, potentially leading to unauthorized system access and manipulation. It is essential for organizations using this appliance to apply the necessary patches or mitigations to safeguard their systems against exploitation.",IBM,Security Verify Access,8.8,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-11-29T16:50:31.964Z,0
CVE-2024-35133,https://securityvulnerability.io/vulnerability/CVE-2024-35133,IBM Security Verify Access Vulnerability Could Lead to Phishing Attacks,"IBM Security Verify Access versions 10.0.0 through 10.0.8 present an open redirect vulnerability in the OIDC Provider, which can be exploited by remote authenticated attackers to perform phishing attacks. By convincing users to navigate to a specially designed link, attackers can manipulate the displayed URL, redirecting users to malicious sites disguised as legitimate ones. This exploitation can lead to the theft of sensitive information or enable further compromise of the victim's security.",IBM,"Security Verify Access,Security Verify Access Docker",8.2,HIGH,0.0007399999885819852,false,,false,false,true,2024-10-18T18:49:27.000Z,true,false,false,,2024-08-29T16:39:43.913Z,0
CVE-2024-35139,https://securityvulnerability.io/vulnerability/CVE-2024-35139,IBM Security Access Manager Docker vulnerability could expose sensitive information,IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415.,IBM,Security Verify Access Docker,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-28T15:42:04.309Z,0
CVE-2024-35137,https://securityvulnerability.io/vulnerability/CVE-2024-35137,IBM Security Access Manager Docker vulnerability could lead to elevated privileges,IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413.,IBM,Security Verify Access Docker,6.2,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-28T15:33:11.156Z,0
CVE-2023-38370,https://securityvulnerability.io/vulnerability/CVE-2023-38370,IBM Security Access Manager Vulnerability Allows Malicious Package Installation,"The vulnerability presents a significant risk within IBM Security Access Manager Docker across multiple versions. Under specific configurations, it allows unauthorized users on the network to potentially install malicious packages, leading to a compromise of the system's security and integrity. This vulnerability underscores the critical importance of secure configuration management in preventing unauthorized access and ensuring the safety of sensitive data within organizational networks.",IBM,Security Access Manager Docker,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-06-27T18:27:20.082Z,0
CVE-2023-38368,https://securityvulnerability.io/vulnerability/CVE-2023-38368,IBM Security Access Manager Vulnerability Could Leak Sensitive Information,"IBM Security Access Manager, particularly versions 10.0.0.0 through 10.0.7.1, is susceptible to vulnerabilities that expose sensitive information to local users. This flaw arises from inadequate permission controls, potentially allowing unauthorized access to critical data within the system. Organizations utilizing these versions should review their security measures and apply necessary updates to mitigate risks associated with this vulnerability.",IBM,Security Access Manager Docker,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-27T18:25:39.896Z,0
CVE-2023-30997,https://securityvulnerability.io/vulnerability/CVE-2023-30997,IBM Security Access Manager Vulnerability Allows Root Access,"A vulnerability in IBM Security Access Manager Docker versions 10.0.0.0 to 10.0.7.1 may allow a local user to gain unauthorized root access due to improperly configured access controls. This issue can expose sensitive data and compromise system integrity, necessitating immediate attention from administrators to mitigate potential risks associated with this vulnerability.",IBM,Security Access Manager Docker,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-27T18:21:12.373Z,0
CVE-2023-30998,https://securityvulnerability.io/vulnerability/CVE-2023-30998,IBM Security Access Manager Vulnerability Allows Root Access,"The vulnerability in IBM Security Access Manager Docker allows a local user to bypass security measures due to improper access controls. The flaw affects versions from 10.0.0.0 to 10.0.7.1, enabling unauthorized individuals to gain root access, compromising the security and integrity of the affected system. This vulnerability is documented under IBM X-Force ID 254649, highlighting the significance of addressing it to maintain robust security practices.",IBM,Security Access Manager Docker,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-27T18:18:22.101Z,0
CVE-2023-38371,https://securityvulnerability.io/vulnerability/CVE-2023-38371,Weaker Cryptographic Algorithms in IBM Security Access Manager Docker Releases Could Lead to Information Decryption,"IBM Security Access Manager Docker versions 10.0.0.0 through 10.0.7.1 exhibit vulnerabilities due to the implementation of cryptographic algorithms that do not meet expected security standards. This weakness may allow attackers to decrypt highly sensitive information, posing significant risks to data confidentiality. Organizations utilizing these affected versions should review their security configurations and consider updates or mitigations to safeguard sensitive data against potential unauthorized access.",IBM,Security Access Manager Docker,7.5,HIGH,0.0007600000244565308,false,,false,false,false,,,false,false,,2024-06-27T18:14:20.985Z,0
CVE-2024-31883,https://securityvulnerability.io/vulnerability/CVE-2024-31883,Denial of Service Issue in IBM Security Verify Access,"IBM Security Verify Access versions 10.0.0.0 through 10.0.7.1 may experience a vulnerability that allows unauthenticated attackers to exploit asymmetric resource consumption. This could potentially result in a denial of service, affecting the availability of the services provided by the product. The issue arises under certain configurations, necessitating timely attention from users to mitigate risks. For more details, refer to IBM's support documentation and X-Force vulnerability registry.",IBM,Security Verify Access,5.9,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-27T16:15:00.000Z,0
CVE-2023-30430,https://securityvulnerability.io/vulnerability/CVE-2023-30430,IBM Security Verify Access Vulnerability Could Leak Sensitive Information,"IBM Security Verify Access versions 10.0.0 to 10.0.7.1 have a vulnerability that could enable a local user to access sensitive data from trace logs. This situation poses a risk as unauthorized personnel may exploit this access to retrieve critical user information without proper permissions, leading to potential privacy violations and exposure of confidential data. It is crucial for users of the affected versions to take immediate action to mitigate the risks associated with this vulnerability.",IBM,Security Verify Access,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-27T15:53:23.648Z,0
CVE-2024-35142,https://securityvulnerability.io/vulnerability/CVE-2024-35142,Unnecessary Privileges Could Lead to Escalation of Local User Privileges,"A vulnerability in IBM Security Verify Access Docker versions 10.0.0 through 10.0.6 allows a local user to escalate their privileges due to unnecessary privilege execution. This flaw could potentially enable attackers to exploit the system and gain elevated access, compromising the integrity and security of the environment. Addressing this vulnerability is crucial for organizations utilizing these versions to ensure their systems remain secure against local privilege escalation threats.",IBM,Security Verify Access Docker,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-31T16:57:37.135Z,0
CVE-2024-35140,https://securityvulnerability.io/vulnerability/CVE-2024-35140,IBM Security Verify Access Docker Vulnerability Could Lead to Privilege Escalation,"A vulnerability in IBM Security Verify Access Docker allows local users to escalate their privileges due to improper handling of certificate validation. The affected versions, ranging from 10.0.0 to 10.0.6, pose a risk of unauthorized access, potentially leading to further exploitation by malicious users. Organizations running these versions should apply necessary patches and evaluate their security postures to prevent potential breaches.",IBM,Security Verify Access Docker,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-31T16:53:08.654Z,0
CVE-2024-22338,https://securityvulnerability.io/vulnerability/CVE-2024-22338,IBM Security Verify Access OIDC Provider Vulnerability Could Disclose Sensitive Information,IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978.,IBM,Security Verify Access Oidc Provider,4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-31T10:36:52.708Z,0