cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-45657,https://securityvulnerability.io/vulnerability/CVE-2024-45657,Local Privilege Escalation in IBM Security Verify Access Appliance and Container,"A security flaw in IBM Security Verify Access Appliance and Container versions 10.0.0 to 10.0.8 could permit a local privileged user to execute unauthorized operations due to improperly assigned permissions. This misconfiguration allows exploitation of the system’s privileges, potentially leading to unforeseen security risks.",IBM,"Security Verify Access Appliance,Security Verify Access Container",5,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T20:40:08.652Z,0
CVE-2024-35138,https://securityvulnerability.io/vulnerability/CVE-2024-35138,Cross-Site Request Forgery Vulnerability in IBM Security Verify Access Appliance,"The IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 are susceptible to a cross-site request forgery attack. This vulnerability allows an attacker to perform unauthorized actions by exploiting the trust of the victim’s browser against the legitimate website. If the victim is authenticated on the site, the attacker can transmit malicious requests, leading to potential unauthorized changes and actions within the application.",IBM,"Security Verify Access Appliance,Security Verify Access Container",6.5,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T20:38:34.306Z,0
CVE-2024-43187,https://securityvulnerability.io/vulnerability/CVE-2024-43187,Sensitive Data Transmission Flaw in IBM Security Verify Access Appliance and Container,"The IBM Security Verify Access Appliance and Container versions 10.0.0 to 10.0.8 are exposed to a vulnerability that allows sensitive or security-critical data to be transmitted unencrypted. This flaw compromises the integrity of data being communicated, making it susceptible to interception by unauthorized actors over the network. It is essential for organizations using these products to implement secured communication protocols to mitigate the risk associated with this vulnerability.",IBM,"Security Verify Access Appliance,Security Verify Access Container",5.9,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T20:37:49.166Z,0
CVE-2024-45658,https://securityvulnerability.io/vulnerability/CVE-2024-45658,Information Disclosure Vulnerability in IBM Security Verify Access,"A vulnerability exists in the IBM Security Verify Access Appliance and Container, specifically affecting versions 10.0.0 through 10.0.8. This issue can allow a remote attacker to gain unauthorized access to sensitive information if a detailed technical error message is returned by the system. The exposed information could potentially be leveraged for further attacks, making it crucial for users to address this issue promptly to safeguard their systems.",IBM,"Security Verify Access Appliance,Security Verify Access Container",2.7,LOW,0.01,false,,false,false,false,,false,false,false,,2025-02-04T20:37:13.537Z,0
CVE-2024-40700,https://securityvulnerability.io/vulnerability/CVE-2024-40700,Cross-Site Scripting Vulnerability in IBM Security Verify Access Appliance and Container,"IBM Security Verify Access Appliances and Containers versions 10.0.0 through 10.0.8 are susceptible to a Cross-Site Scripting (XSS) flaw, which permits unauthenticated attackers to inject arbitrary JavaScript code into the web user interface. This exploitation can alter the intended functionality of the application and may result in unauthorized disclosure of user credentials during an active session, posing a significant security risk to users.",IBM,"Security Verify Access Appliance,Security Verify Access Container",6.1,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T20:36:10.138Z,0
CVE-2024-45659,https://securityvulnerability.io/vulnerability/CVE-2024-45659,Information Disclosure Vulnerability in IBM Security Verify Access Appliance and Container,"IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 are susceptible to an information disclosure vulnerability. A remote attacker could exploit this issue by triggering a detailed technical error message, potentially exposing sensitive information that could facilitate subsequent attacks against the system. It is crucial for users of the affected products to apply necessary patches or updates as advised by the vendor to mitigate this risk.",IBM,"Security Verify Access Appliance,Security Verify Access Container",5.3,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T17:34:12.764Z,0
CVE-2024-45647,https://securityvulnerability.io/vulnerability/CVE-2024-45647,Password Modification Vulnerability in IBM Security Verify Access,"A vulnerability exists in IBM Security Verify Access versions 10.0.0 through 10.0.8, including the Docker version. This flaw allows an unverified user to change the password of an expired user account without needing to know the original password, enabling unauthorized access to sensitive information and resources.",IBM,"Security Verify Access,Security Verify Access Docker",9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-20T14:50:54.184Z,0
CVE-2024-35141,https://securityvulnerability.io/vulnerability/CVE-2024-35141,Local Privilege Escalation Vulnerability in IBM Security Verify Access Docker,"CVE-2024-35141 is a local privilege escalation vulnerability found in IBM Security Verify Access Docker versions 10.0.0 through 10.0.6. This vulnerability arises from inadequate execution permissions that may allow a local user to gain elevated privileges. This could potentially enable attackers to execute unauthorized actions on the system, posing significant security risks. It is crucial for organizations utilizing affected versions to implement the necessary patches and updates as recommended by IBM to mitigate this vulnerability. For more information, refer to the vendor advisory at IBM's support page.",IBM,Security Verify Access Docker,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T01:10:05.711Z,0
CVE-2024-49804,https://securityvulnerability.io/vulnerability/CVE-2024-49804,Potential Privilege Escalation Vulnerability in Security Verify Access Appliance,"A vulnerability exists in IBM Security Verify Access Appliance, impacting versions 10.0.0 through 10.0.8. This flaw enables a locally authenticated non-administrative user to escalate their privileges by exploiting unnecessary permissions assigned to specific tasks. As a result, the integrity and security of system operations could be compromised. Immediate action is recommended to mitigate potential risks associated with this vulnerability. For details and updates, refer to the official IBM support page.",IBM,Security Verify Access,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-29T16:55:32.323Z,0
CVE-2024-49806,https://securityvulnerability.io/vulnerability/CVE-2024-49806,Hard-coded credentials expose IBM Security Verify Access Appliance to potential security risks,"The IBM Security Verify Access Appliance versions 10.0.0 through 10.0.8 contain a vulnerability caused by hard-coded credentials, including passwords or cryptographic keys. These credentials are utilized for various critical functions, such as inbound authentication, outbound communication with external components, and encryption of internal data. This security flaw poses a significant risk, as attackers may exploit the hard-coded credentials to gain unauthorized access to the system, potentially leading to data breaches or manipulation.",IBM,Security Verify Access,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-11-29T16:53:45.208Z,0
CVE-2024-49805,https://securityvulnerability.io/vulnerability/CVE-2024-49805,IBM Security Verify Access Appliance Hard-Coded Credentials Vulnerability,"The vulnerability in IBM Security Verify Access Appliance allows for the presence of hard-coded credentials that may be exploited to compromise the system. Specifically, this weakness affects versions ranging from 10.0.0 to 10.0.8, where hard-coded credentials reduce the security integrity of inbound authentication processes and outbound communications. Additionally, the embedded credentials can jeopardize the encryption of internal data, posing potential risks to the confidentiality and integrity of sensitive information.",IBM,Security Verify Access,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-11-29T16:52:15.174Z,0
CVE-2024-49803,https://securityvulnerability.io/vulnerability/CVE-2024-49803,Remote Command Execution Vulnerability Affects IBM Security Verify Access Appliance,"IBM Security Verify Access Appliance versions 10.0.0 through 10.0.8 are susceptible to a vulnerability that allows a remote authenticated attacker to execute arbitrary commands on the system. This occurs through the submission of specially crafted requests, potentially leading to unauthorized system access and manipulation. It is essential for organizations using this appliance to apply the necessary patches or mitigations to safeguard their systems against exploitation.",IBM,Security Verify Access,8.8,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-11-29T16:50:31.964Z,0
CVE-2024-35133,https://securityvulnerability.io/vulnerability/CVE-2024-35133,IBM Security Verify Access Vulnerability Could Lead to Phishing Attacks,"IBM Security Verify Access versions 10.0.0 through 10.0.8 present an open redirect vulnerability in the OIDC Provider, which can be exploited by remote authenticated attackers to perform phishing attacks. By convincing users to navigate to a specially designed link, attackers can manipulate the displayed URL, redirecting users to malicious sites disguised as legitimate ones. This exploitation can lead to the theft of sensitive information or enable further compromise of the victim's security.",IBM,"Security Verify Access,Security Verify Access Docker",8.2,HIGH,0.0007399999885819852,false,,false,false,true,2024-10-18T18:49:27.000Z,true,false,false,,2024-08-29T16:39:43.913Z,0
CVE-2024-35139,https://securityvulnerability.io/vulnerability/CVE-2024-35139,IBM Security Access Manager Docker vulnerability could expose sensitive information,IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415.,IBM,Security Verify Access Docker,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-28T15:42:04.309Z,0
CVE-2024-35137,https://securityvulnerability.io/vulnerability/CVE-2024-35137,IBM Security Access Manager Docker vulnerability could lead to elevated privileges,IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413.,IBM,Security Verify Access Docker,6.2,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-28T15:33:11.156Z,0
CVE-2024-31883,https://securityvulnerability.io/vulnerability/CVE-2024-31883,Denial of Service Issue in IBM Security Verify Access,"IBM Security Verify Access versions 10.0.0.0 through 10.0.7.1 may experience a vulnerability that allows unauthenticated attackers to exploit asymmetric resource consumption. This could potentially result in a denial of service, affecting the availability of the services provided by the product. The issue arises under certain configurations, necessitating timely attention from users to mitigate risks. For more details, refer to IBM's support documentation and X-Force vulnerability registry.",IBM,Security Verify Access,5.9,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-27T16:15:00.000Z,0
CVE-2023-30430,https://securityvulnerability.io/vulnerability/CVE-2023-30430,IBM Security Verify Access Vulnerability Could Leak Sensitive Information,"IBM Security Verify Access versions 10.0.0 to 10.0.7.1 have a vulnerability that could enable a local user to access sensitive data from trace logs. This situation poses a risk as unauthorized personnel may exploit this access to retrieve critical user information without proper permissions, leading to potential privacy violations and exposure of confidential data. It is crucial for users of the affected versions to take immediate action to mitigate the risks associated with this vulnerability.",IBM,Security Verify Access,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-27T15:53:23.648Z,0
CVE-2024-35142,https://securityvulnerability.io/vulnerability/CVE-2024-35142,Unnecessary Privileges Could Lead to Escalation of Local User Privileges,"A vulnerability in IBM Security Verify Access Docker versions 10.0.0 through 10.0.6 allows a local user to escalate their privileges due to unnecessary privilege execution. This flaw could potentially enable attackers to exploit the system and gain elevated access, compromising the integrity and security of the environment. Addressing this vulnerability is crucial for organizations utilizing these versions to ensure their systems remain secure against local privilege escalation threats.",IBM,Security Verify Access Docker,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-31T16:57:37.135Z,0
CVE-2024-35140,https://securityvulnerability.io/vulnerability/CVE-2024-35140,IBM Security Verify Access Docker Vulnerability Could Lead to Privilege Escalation,"A vulnerability in IBM Security Verify Access Docker allows local users to escalate their privileges due to improper handling of certificate validation. The affected versions, ranging from 10.0.0 to 10.0.6, pose a risk of unauthorized access, potentially leading to further exploitation by malicious users. Organizations running these versions should apply necessary patches and evaluate their security postures to prevent potential breaches.",IBM,Security Verify Access Docker,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-31T16:53:08.654Z,0
CVE-2024-22338,https://securityvulnerability.io/vulnerability/CVE-2024-22338,IBM Security Verify Access OIDC Provider Vulnerability Could Disclose Sensitive Information,IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978.,IBM,Security Verify Access Oidc Provider,4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-31T10:36:52.708Z,0
CVE-2024-31874,https://securityvulnerability.io/vulnerability/CVE-2024-31874,IBM Security Verify Access Appliance Denial of Service Vulnerability,"The IBM Security Verify Access Appliance versions 10.0.0 through 10.0.7 contain a vulnerability that arises from the usage of uninitialized variables during deployment. This flaw may enable local users to execute operations that result in a denial of service, affecting the availability of the affected system. Organizations are advised to review their deployments to mitigate potential abuse of this vulnerability, ensuring that appropriate security measures and updates are applied.",IBM,Security Verify Access Appliance,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-10T16:02:21.365Z,0
CVE-2024-31873,https://securityvulnerability.io/vulnerability/CVE-2024-31873,IBM Security Verify Access Appliance Hard-Coded Credentials Vulnerability,"The IBM Security Verify Access Appliance versions 10.0.0 through 10.0.7 are vulnerable due to the presence of hard-coded credentials used for inbound authentication. These credentials can potentially be exploited by malicious actors, allowing unauthorized access and compromising the security of user data. It is crucial for organizations using affected versions to assess their systems and apply necessary mitigating measures to protect against potential threats.",IBM,Security Verify Access Appliance,7.5,HIGH,0.0007600000244565308,false,,false,false,false,,,false,false,,2024-04-10T15:58:42.588Z,0
CVE-2024-31871,https://securityvulnerability.io/vulnerability/CVE-2024-31871,IBM Security Verify Access Appliance at Risk of Man-in-the-Middle Attack Due to Certificate Validation Flaw,"A vulnerability exists in the IBM Security Verify Access Appliance versions 10.0.0 to 10.0.7 that could let an attacker exploit improper certificate validation during the deployment of Python scripts. This flaw may permit a malicious actor to execute a man-in-the-middle attack, compromising the integrity and confidentiality of communications. Users of the affected appliances are encouraged to review their configurations and apply patches to ensure enhanced security measures. For further details, refer to the vendor advisory and vulnerability database entries.",IBM,Security Verify Access Appliance,8.1,HIGH,0.0007600000244565308,false,,false,false,false,,,false,false,,2024-04-10T15:55:20.179Z,0
CVE-2024-31872,https://securityvulnerability.io/vulnerability/CVE-2024-31872,IBM Security Verify Access Appliance at Risk of Man-in-the-Middle Attack Due to Certificate Validation Issue,"IBM Security Verify Access Appliance versions 10.0.0 through 10.0.7 are susceptible to attacks due to a lack of proper certificate validation. This vulnerability enables malicious actors to potentially execute man-in-the-middle attacks when deploying open-source scripts, compromising data integrity and confidentiality. Users of the affected versions should take immediate action to secure their systems and monitor for unusual activity.",IBM,Security Verify Access Appliance,8.1,HIGH,0.0007600000244565308,false,,false,false,false,,,false,false,,2024-04-10T15:51:04.118Z,0
CVE-2024-25027,https://securityvulnerability.io/vulnerability/CVE-2024-25027,IBM Security Verify Access Container information disclosure,IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607.,IBM,Security Verify Access Docker,6.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-31T12:15:00.000Z,0