cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-45657,https://securityvulnerability.io/vulnerability/CVE-2024-45657,Local Privilege Escalation in IBM Security Verify Access Appliance and Container,"A security flaw in IBM Security Verify Access Appliance and Container versions 10.0.0 to 10.0.8 could permit a local privileged user to execute unauthorized operations due to improperly assigned permissions. This misconfiguration allows exploitation of the system’s privileges, potentially leading to unforeseen security risks.",IBM,"Security Verify Access Appliance,Security Verify Access Container",5,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T20:40:08.652Z,0
CVE-2024-35138,https://securityvulnerability.io/vulnerability/CVE-2024-35138,Cross-Site Request Forgery Vulnerability in IBM Security Verify Access Appliance,"The IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 are susceptible to a cross-site request forgery attack. This vulnerability allows an attacker to perform unauthorized actions by exploiting the trust of the victim’s browser against the legitimate website. If the victim is authenticated on the site, the attacker can transmit malicious requests, leading to potential unauthorized changes and actions within the application.",IBM,"Security Verify Access Appliance,Security Verify Access Container",6.5,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T20:38:34.306Z,0
CVE-2024-43187,https://securityvulnerability.io/vulnerability/CVE-2024-43187,Sensitive Data Transmission Flaw in IBM Security Verify Access Appliance and Container,"The IBM Security Verify Access Appliance and Container versions 10.0.0 to 10.0.8 are exposed to a vulnerability that allows sensitive or security-critical data to be transmitted unencrypted. This flaw compromises the integrity of data being communicated, making it susceptible to interception by unauthorized actors over the network. It is essential for organizations using these products to implement secured communication protocols to mitigate the risk associated with this vulnerability.",IBM,"Security Verify Access Appliance,Security Verify Access Container",5.9,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T20:37:49.166Z,0
CVE-2024-45658,https://securityvulnerability.io/vulnerability/CVE-2024-45658,Information Disclosure Vulnerability in IBM Security Verify Access,"A vulnerability exists in the IBM Security Verify Access Appliance and Container, specifically affecting versions 10.0.0 through 10.0.8. This issue can allow a remote attacker to gain unauthorized access to sensitive information if a detailed technical error message is returned by the system. The exposed information could potentially be leveraged for further attacks, making it crucial for users to address this issue promptly to safeguard their systems.",IBM,"Security Verify Access Appliance,Security Verify Access Container",2.7,LOW,0.01,false,,false,false,false,,false,false,false,,2025-02-04T20:37:13.537Z,0
CVE-2024-40700,https://securityvulnerability.io/vulnerability/CVE-2024-40700,Cross-Site Scripting Vulnerability in IBM Security Verify Access Appliance and Container,"IBM Security Verify Access Appliances and Containers versions 10.0.0 through 10.0.8 are susceptible to a Cross-Site Scripting (XSS) flaw, which permits unauthenticated attackers to inject arbitrary JavaScript code into the web user interface. This exploitation can alter the intended functionality of the application and may result in unauthorized disclosure of user credentials during an active session, posing a significant security risk to users.",IBM,"Security Verify Access Appliance,Security Verify Access Container",6.1,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T20:36:10.138Z,0
CVE-2024-45659,https://securityvulnerability.io/vulnerability/CVE-2024-45659,Information Disclosure Vulnerability in IBM Security Verify Access Appliance and Container,"IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 are susceptible to an information disclosure vulnerability. A remote attacker could exploit this issue by triggering a detailed technical error message, potentially exposing sensitive information that could facilitate subsequent attacks against the system. It is crucial for users of the affected products to apply necessary patches or updates as advised by the vendor to mitigate this risk.",IBM,"Security Verify Access Appliance,Security Verify Access Container",5.3,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T17:34:12.764Z,0
CVE-2024-45650,https://securityvulnerability.io/vulnerability/CVE-2024-45650,Denial of Service Vulnerability in IBM Security Verify Directory,"IBM Security Verify Directory versions 10.0 through 10.0.3 are susceptible to a denial of service vulnerability triggered by LDAP extended operations. This issue can be exploited by sending malicious requests, potentially causing service interruptions and impacting overall system availability. Organizations using this product should assess their exposure to this vulnerability and implement appropriate security measures.",IBM,Security Verify Directory,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-31T15:07:24.198Z,0
CVE-2023-33838,https://securityvulnerability.io/vulnerability/CVE-2023-33838,Cryptographic Weakness in IBM Security Verify Governance Identity Manager,"IBM Security Verify Governance, specifically version 10.0.2, is affected by a vulnerability due to the use of a one-way cryptographic hash for sensitive data, such as passwords, without incorporating a salt. This oversight reduces the effectiveness of the hashing mechanism, potentially exposing user credentials to reversible attacks. Proper cryptographic practices mandate the use of salts in conjunction with hashes to enhance security, and the absence of this can lead to increased risks for password-related exploits.",IBM,Security Verify Governance,4.4,MEDIUM,0.0004900000058114529,false,,false,false,false,,false,false,false,,2025-01-29T01:22:19.102Z,0
CVE-2023-35017,https://securityvulnerability.io/vulnerability/CVE-2023-35017,Clear Text Credential Transmission in IBM Security Verify Governance 10.0.2,"IBM Security Verify Governance 10.0.2 contains a vulnerability where user credentials are transmitted in clear text. This transmission is susceptible to interception by attackers utilizing man-in-the-middle techniques, posing a significant risk to user data integrity and confidentiality. It is crucial for organizations using this product to implement security measures that protect sensitive information from unauthorized access.",IBM,Security Verify Governance,5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-29T00:00:14.545Z,0
CVE-2024-45672,https://securityvulnerability.io/vulnerability/CVE-2024-45672,Excessive Privileges in IBM Security Verify Bridge Affecting Local User Access,"IBM Security Verify Bridge versions 1.0.0 to 1.0.15 contain a vulnerability that permits local privileged users to overwrite files due to excessive permissions granted to the agent. This flaw could lead to potential disruptions and may cause a denial of service, impacting overall system availability and integrity.",IBM,Security Verify Bridge,6,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-23T17:31:58.939Z,0
CVE-2024-45647,https://securityvulnerability.io/vulnerability/CVE-2024-45647,Password Modification Vulnerability in IBM Security Verify Access,"A vulnerability exists in IBM Security Verify Access versions 10.0.0 through 10.0.8, including the Docker version. This flaw allows an unverified user to change the password of an expired user account without needing to know the original password, enabling unauthorized access to sensitive information and resources.",IBM,"Security Verify Access,Security Verify Access Docker",9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-20T14:50:54.184Z,0
CVE-2024-41783,https://securityvulnerability.io/vulnerability/CVE-2024-41783,Command Injection Vulnerability in IBM Sterling Secure Proxy,"The vulnerability in IBM Sterling Secure Proxy arises from improper validation of specific types of input, which could allow a privileged user to execute arbitrary commands on the underlying operating system. This flaw may lead to unauthorized access and manipulation of system resources, emphasizing the necessity for immediate technical interventions to mitigate exploitation risks.",IBM,Sterling Secure Proxy,9.1,CRITICAL,0.0005000000237487257,false,,false,false,false,,false,false,false,,2025-01-19T14:58:21.249Z,38
CVE-2024-38337,https://securityvulnerability.io/vulnerability/CVE-2024-38337,Unauthorized Access Vulnerability in IBM Sterling Secure Proxy,"IBM Sterling Secure Proxy versions 6.0.0.0 through 6.2.0.0 are affected by a vulnerability that allows unauthorized attackers to access or modify sensitive information. This stems from improper permission assignments, potentially exposing critical data to malicious actors. Organizations using these versions should evaluate their security posture and consider applying available updates to mitigate this risk.",IBM,Sterling Secure Proxy,9.1,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-19T14:56:18.995Z,0
CVE-2024-45654,https://securityvulnerability.io/vulnerability/CVE-2024-45654,Unauthorized Actions in IBM Security ReaQta Due to Untrusted Inputs,"A security vulnerability in IBM Security ReaQta 3.12 allows authenticated users to execute unauthorized actions due to improper validation of untrusted inputs. This flaw can potentially lead to significant security risks if exploited, as it undermines the intended restrictions and integrity of the system, exposing sensitive data and critical functionality to potential misuse.",IBM,Security Reaqta,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-19T02:19:11.978Z,0
CVE-2024-45100,https://securityvulnerability.io/vulnerability/CVE-2024-45100,Denial of Service in IBM Security ReaQta Affecting Privileged Users,"IBM Security ReaQta 3.12 is susceptible to a denial of service attack when a privileged user sends multiple administrative requests. This vulnerability arises from the improper allocation of resources within the software, potentially leading to service interruptions and an impaired ability to manage security functions effectively.",IBM,Security Qradar Edr,4.9,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-07T12:22:53.822Z,0
CVE-2024-45640,https://securityvulnerability.io/vulnerability/CVE-2024-45640,Sensitive Information Exposure in IBM Security ReaQta,The IBM Security ReaQta 3.12 has a vulnerability that allows it to return sensitive information within its HTTP response. This exposure can be leveraged by attackers to gain unauthorized access or perform further malicious actions against the system.,IBM,Security Qradar Edr,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-07T12:22:04.843Z,0
CVE-2024-49336,https://securityvulnerability.io/vulnerability/CVE-2024-49336,Server-Side Request Forgery Vulnerability in IBM Security Guardium,"The vulnerability in IBM Security Guardium 11.5 is categorized as a server-side request forgery (SSRF), allowing an authenticated attacker to manipulate requests sent from the system to external services. This vulnerability can lead to unauthorized access, network enumeration, and potentially enable the attacker to engineer other types of attacks leveraging the compromised request context. Organizations utilizing this version should be aware of the potential implications on their network security and take immediate action to mitigate the associated risks.",IBM,Security Guardium,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-12-19T18:15:00.000Z,0
CVE-2024-35141,https://securityvulnerability.io/vulnerability/CVE-2024-35141,Local Privilege Escalation Vulnerability in IBM Security Verify Access Docker,"CVE-2024-35141 is a local privilege escalation vulnerability found in IBM Security Verify Access Docker versions 10.0.0 through 10.0.6. This vulnerability arises from inadequate execution permissions that may allow a local user to gain elevated privileges. This could potentially enable attackers to execute unauthorized actions on the system, posing significant security risks. It is crucial for organizations utilizing affected versions to implement the necessary patches and updates as recommended by IBM to mitigate this vulnerability. For more information, refer to the vendor advisory at IBM's support page.",IBM,Security Verify Access Docker,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T01:10:05.711Z,0
CVE-2024-49816,https://securityvulnerability.io/vulnerability/CVE-2024-49816,Local Privilege Escalation Risk in IBM Security Guardium Key Lifecycle Manager,"CVE-2024-49816 identifies a significant local privilege escalation vulnerability affecting IBM Security Guardium Key Lifecycle Manager versions 4.1, 4.1.1, 4.2.0, and 4.2.1. The risk arises from the application storing potentially sensitive information within log files that can be accessed by local privileged users. This improper handling of sensitive data could facilitate unauthorized access, leading to possible data breaches and exploitation of critical systems. Organizations using the affected versions are advised to evaluate and mitigate risks by securing log files and applying necessary updates to safeguard their environment.",IBM,Security Guardium Key Lifecycle Manager,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-17T18:15:00.000Z,0
CVE-2024-49818,https://securityvulnerability.io/vulnerability/CVE-2024-49818,Sensitive Information Exposure in IBM Security Guardium Key Lifecycle Manager,"CVE-2024-49818 is a high-risk vulnerability affecting specific versions of the IBM Security Guardium Key Lifecycle Manager. It may allow remote attackers to glean sensitive information from detailed technical error messages displayed in web browsers. This exposure could facilitate further attacks on the system, making it imperative for organizations utilizing this software to apply the recommended security updates and monitor their systems for unusual activity.",IBM,Security Guardium Key Lifecycle Manager,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-12-17T18:15:00.000Z,0
CVE-2024-49817,https://securityvulnerability.io/vulnerability/CVE-2024-49817,Local Privilege Escalation in IBM Security Guardium Key Lifecycle Manager,"CVE-2024-49817 is a significant local privilege escalation vulnerability found in IBM Security Guardium Key Lifecycle Manager versions 4.1, 4.1.1, 4.2.0, and 4.2.1. This flaw arises from the application's insecure handling of user credentials, which are stored in configuration files. These files can be accessed by local privileged users, potentially allowing them to exploit the vulnerability to gain unauthorized access to sensitive information. It is crucial for organizations utilizing these versions to implement recommendations from IBM's support resources to mitigate the risks associated with this vulnerability.",IBM,Security Guardium Key Lifecycle Manager,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-17T18:15:00.000Z,0
CVE-2024-49819,https://securityvulnerability.io/vulnerability/CVE-2024-49819,Sensitive Data Exposure in IBM Security Guardium Key Lifecycle Manager,"CVE-2024-49819 is a critical vulnerability found in specific versions of IBM Security Guardium Key Lifecycle Manager, namely 4.1, 4.1.1, 4.2.0, and 4.2.1. This vulnerability allows a remote attacker to intercept and retrieve sensitive information transmitted in cleartext over insecure communication channels. Unauthorized access to such data poses significant risks, including data breaches and unauthorized disclosure of sensitive corporate information. It is crucial for users of the affected products to apply necessary patches and security measures to mitigate potential threats. For detailed guidance, refer to IBM's support page.",IBM,Security Guardium Key Lifecycle Manager,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-12-17T18:15:00.000Z,0
CVE-2024-49820,https://securityvulnerability.io/vulnerability/CVE-2024-49820,Remote Information Disclosure Vulnerability in IBM Security Guardium Key Lifecycle Manager,"CVE-2024-49820 is a critical vulnerability affecting specific versions of IBM Security Guardium Key Lifecycle Manager. This issue arises from the improper enforcement of HTTP Strict Transport Security (HSTS), which could allow remote attackers to exploit the system using man-in-the-middle techniques. Such an exploit could lead to the unauthorized disclosure of sensitive information, putting organizations at risk. It is vital for users of affected versions (4.1, 4.1.1, 4.2.0, 4.2.1) to apply patches and strengthen their security configurations to mitigate this risk.",IBM,Security Guardium Key Lifecycle Manager,3.7,LOW,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-12-17T18:15:00.000Z,0
CVE-2024-49804,https://securityvulnerability.io/vulnerability/CVE-2024-49804,Potential Privilege Escalation Vulnerability in Security Verify Access Appliance,"A vulnerability exists in IBM Security Verify Access Appliance, impacting versions 10.0.0 through 10.0.8. This flaw enables a locally authenticated non-administrative user to escalate their privileges by exploiting unnecessary permissions assigned to specific tasks. As a result, the integrity and security of system operations could be compromised. Immediate action is recommended to mitigate potential risks associated with this vulnerability. For details and updates, refer to the official IBM support page.",IBM,Security Verify Access,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-29T16:55:32.323Z,0
CVE-2024-49806,https://securityvulnerability.io/vulnerability/CVE-2024-49806,Hard-coded credentials expose IBM Security Verify Access Appliance to potential security risks,"The IBM Security Verify Access Appliance versions 10.0.0 through 10.0.8 contain a vulnerability caused by hard-coded credentials, including passwords or cryptographic keys. These credentials are utilized for various critical functions, such as inbound authentication, outbound communication with external components, and encryption of internal data. This security flaw poses a significant risk, as attackers may exploit the hard-coded credentials to gain unauthorized access to the system, potentially leading to data breaches or manipulation.",IBM,Security Verify Access,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-11-29T16:53:45.208Z,0