cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-45657,https://securityvulnerability.io/vulnerability/CVE-2024-45657,Local Privilege Escalation in IBM Security Verify Access Appliance and Container,"A security flaw in IBM Security Verify Access Appliance and Container versions 10.0.0 to 10.0.8 could permit a local privileged user to execute unauthorized operations due to improperly assigned permissions. This misconfiguration allows exploitation of the system’s privileges, potentially leading to unforeseen security risks.",IBM,"Security Verify Access Appliance,Security Verify Access Container",5,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T20:40:08.652Z,0
CVE-2024-35138,https://securityvulnerability.io/vulnerability/CVE-2024-35138,Cross-Site Request Forgery Vulnerability in IBM Security Verify Access Appliance,"The IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 are susceptible to a cross-site request forgery attack. This vulnerability allows an attacker to perform unauthorized actions by exploiting the trust of the victim’s browser against the legitimate website. If the victim is authenticated on the site, the attacker can transmit malicious requests, leading to potential unauthorized changes and actions within the application.",IBM,"Security Verify Access Appliance,Security Verify Access Container",6.5,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T20:38:34.306Z,0
CVE-2024-43187,https://securityvulnerability.io/vulnerability/CVE-2024-43187,Sensitive Data Transmission Flaw in IBM Security Verify Access Appliance and Container,"The IBM Security Verify Access Appliance and Container versions 10.0.0 to 10.0.8 are exposed to a vulnerability that allows sensitive or security-critical data to be transmitted unencrypted. This flaw compromises the integrity of data being communicated, making it susceptible to interception by unauthorized actors over the network. It is essential for organizations using these products to implement secured communication protocols to mitigate the risk associated with this vulnerability.",IBM,"Security Verify Access Appliance,Security Verify Access Container",5.9,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T20:37:49.166Z,0
CVE-2024-45658,https://securityvulnerability.io/vulnerability/CVE-2024-45658,Information Disclosure Vulnerability in IBM Security Verify Access,"A vulnerability exists in the IBM Security Verify Access Appliance and Container, specifically affecting versions 10.0.0 through 10.0.8. This issue can allow a remote attacker to gain unauthorized access to sensitive information if a detailed technical error message is returned by the system. The exposed information could potentially be leveraged for further attacks, making it crucial for users to address this issue promptly to safeguard their systems.",IBM,"Security Verify Access Appliance,Security Verify Access Container",2.7,LOW,0.01,false,,false,false,false,,false,false,false,,2025-02-04T20:37:13.537Z,0
CVE-2024-40700,https://securityvulnerability.io/vulnerability/CVE-2024-40700,Cross-Site Scripting Vulnerability in IBM Security Verify Access Appliance and Container,"IBM Security Verify Access Appliances and Containers versions 10.0.0 through 10.0.8 are susceptible to a Cross-Site Scripting (XSS) flaw, which permits unauthenticated attackers to inject arbitrary JavaScript code into the web user interface. This exploitation can alter the intended functionality of the application and may result in unauthorized disclosure of user credentials during an active session, posing a significant security risk to users.",IBM,"Security Verify Access Appliance,Security Verify Access Container",6.1,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T20:36:10.138Z,0
CVE-2024-45659,https://securityvulnerability.io/vulnerability/CVE-2024-45659,Information Disclosure Vulnerability in IBM Security Verify Access Appliance and Container,"IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 are susceptible to an information disclosure vulnerability. A remote attacker could exploit this issue by triggering a detailed technical error message, potentially exposing sensitive information that could facilitate subsequent attacks against the system. It is crucial for users of the affected products to apply necessary patches or updates as advised by the vendor to mitigate this risk.",IBM,"Security Verify Access Appliance,Security Verify Access Container",5.3,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T17:34:12.764Z,0
CVE-2024-31874,https://securityvulnerability.io/vulnerability/CVE-2024-31874,IBM Security Verify Access Appliance Denial of Service Vulnerability,"The IBM Security Verify Access Appliance versions 10.0.0 through 10.0.7 contain a vulnerability that arises from the usage of uninitialized variables during deployment. This flaw may enable local users to execute operations that result in a denial of service, affecting the availability of the affected system. Organizations are advised to review their deployments to mitigate potential abuse of this vulnerability, ensuring that appropriate security measures and updates are applied.",IBM,Security Verify Access Appliance,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-10T16:02:21.365Z,0
CVE-2024-31873,https://securityvulnerability.io/vulnerability/CVE-2024-31873,IBM Security Verify Access Appliance Hard-Coded Credentials Vulnerability,"The IBM Security Verify Access Appliance versions 10.0.0 through 10.0.7 are vulnerable due to the presence of hard-coded credentials used for inbound authentication. These credentials can potentially be exploited by malicious actors, allowing unauthorized access and compromising the security of user data. It is crucial for organizations using affected versions to assess their systems and apply necessary mitigating measures to protect against potential threats.",IBM,Security Verify Access Appliance,7.5,HIGH,0.0007600000244565308,false,,false,false,false,,,false,false,,2024-04-10T15:58:42.588Z,0
CVE-2024-31871,https://securityvulnerability.io/vulnerability/CVE-2024-31871,IBM Security Verify Access Appliance at Risk of Man-in-the-Middle Attack Due to Certificate Validation Flaw,"A vulnerability exists in the IBM Security Verify Access Appliance versions 10.0.0 to 10.0.7 that could let an attacker exploit improper certificate validation during the deployment of Python scripts. This flaw may permit a malicious actor to execute a man-in-the-middle attack, compromising the integrity and confidentiality of communications. Users of the affected appliances are encouraged to review their configurations and apply patches to ensure enhanced security measures. For further details, refer to the vendor advisory and vulnerability database entries.",IBM,Security Verify Access Appliance,8.1,HIGH,0.0007600000244565308,false,,false,false,false,,,false,false,,2024-04-10T15:55:20.179Z,0
CVE-2024-31872,https://securityvulnerability.io/vulnerability/CVE-2024-31872,IBM Security Verify Access Appliance at Risk of Man-in-the-Middle Attack Due to Certificate Validation Issue,"IBM Security Verify Access Appliance versions 10.0.0 through 10.0.7 are susceptible to attacks due to a lack of proper certificate validation. This vulnerability enables malicious actors to potentially execute man-in-the-middle attacks when deploying open-source scripts, compromising data integrity and confidentiality. Users of the affected versions should take immediate action to secure their systems and monitor for unusual activity.",IBM,Security Verify Access Appliance,8.1,HIGH,0.0007600000244565308,false,,false,false,false,,,false,false,,2024-04-10T15:51:04.118Z,0
CVE-2023-38369,https://securityvulnerability.io/vulnerability/CVE-2023-38369,IBM Security Access Manager Container Vulnerability,"IBM Security Access Manager Container versions 10.0.0.0 through 10.0.6.1 have a concerning vulnerability relating to the enforcement of password policies for Docker images. By default, these products do not mandate strong passwords, which can facilitate unauthorized access and compromise user accounts. The lack of a secure password requirement highlights the importance of implementing effective security measures to protect sensitive information and maintain the integrity of user accounts. Organizations using these particular versions should assess their security configurations, ensuring that robust password policies and best practices are enforced to mitigate risks associated with weak authentication mechanisms.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",7.5,HIGH,0.0006699999794363976,false,,false,false,false,,,false,false,,2024-02-07T16:15:04.324Z,0
CVE-2023-31002,https://securityvulnerability.io/vulnerability/CVE-2023-31002,Sensitive Information Stored in Accessible Files,"IBM Security Access Manager Container versions 10.0.0.0 to 10.0.6.1 exhibit a vulnerability where sensitive information is stored temporarily in files. This information can be accessed by a local user, potentially leading to unauthorized access to sensitive data. System administrators and security professionals should be aware of this issue and take appropriate measures to mitigate the risk.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",5.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2024-02-07T16:13:14.870Z,0
CVE-2023-43017,https://securityvulnerability.io/vulnerability/CVE-2023-43017,Potential Remote Access Vulnerability in IBM Security Verify Access,"IBM Security Verify Access versions 10.0.0.0 through 10.0.6.1 are susceptible to a vulnerability that permits a privileged user to install a configuration file. This capability can lead to unauthorized remote access, posing significant security risks. Organizations utilizing IBM Security Verify Access should assess their environments, ensure proper permissions are enforced, and apply necessary mitigations to protect against potential exploitation.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",7.2,HIGH,0.000590000010561198,false,,false,false,false,,,false,false,,2024-02-07T16:10:54.183Z,0
CVE-2023-32330,https://securityvulnerability.io/vulnerability/CVE-2023-32330,Insecure Calls in IBM Security Verify Access Could Lead to Server Takeover,"IBM Security Verify Access versions 10.0.0.0 to 10.0.6.1 have a vulnerability due to the use of insecure calls that can be exploited by an attacker on the network. This flaw may allow unauthorized users to execute arbitrary code remotely, leading to potential server control compromise. Organizations utilizing this software should take immediate steps to apply security patches or updates as recommended by IBM to mitigate the risks associated with this vulnerability.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",9.8,CRITICAL,0.0008399999933317304,false,,false,false,false,,,false,false,,2024-02-07T16:09:01.182Z,0
CVE-2023-32328,https://securityvulnerability.io/vulnerability/CVE-2023-32328,Insecure Protocols in IBM Security Verify Access Could Lead to Server Takeover,"IBM Security Verify Access versions 10.0.0.0 through 10.0.6.1 contain a vulnerability due to the use of insecure protocols. This could enable an unauthorized attacker on the network to gain control of the server, potentially leading to unauthorized data access and manipulation. Organizations using these affected versions are advised to review their security posture and implement necessary mitigations to safeguard against potential exploits.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",9.8,CRITICAL,0.0008399999933317304,false,,false,false,false,,,false,false,,2024-02-07T16:07:06.935Z,0
CVE-2023-31006,https://securityvulnerability.io/vulnerability/CVE-2023-31006,IBM Security Access Manager Container Under Denial of Service Attack,"A denial of service vulnerability has been identified in the IBM Security Access Manager Container, impacting both the IBM Security Verify Access Appliance and its Docker counterpart. These versions are susceptible to attacks that may result in a disruption of services by targeting the DSC server, preventing legitimate users from accessing critical functions. Organizations should prioritize assessing their systems for exposure and explore available patches and mitigation recommendations to safeguard against potential attacks.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",6.5,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2024-02-03T01:05:14.622Z,0
CVE-2023-31004,https://securityvulnerability.io/vulnerability/CVE-2023-31004,Remote Attack via Man-in-the-Middle Techniques,"The vulnerability in IBM Security Access Manager Container enables remote attackers to exploit the system using man-in-the-middle techniques. Attackers can potentially gain unauthorized access to the underlying system, posing significant security risks to organizations relying on IBM Security Verify Access Appliance and Docker versions within the specified range. Proper measures and updates are crucial to safeguard against such vulnerabilities.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",9,CRITICAL,0.0007300000288523734,false,,false,false,false,,,false,false,,2024-02-03T01:03:35.459Z,0
CVE-2023-32329,https://securityvulnerability.io/vulnerability/CVE-2023-32329,Container Vulnerability Could Allow Download of Incorrect Files,"A vulnerability in IBM Security Access Manager Container allows users to download files from an unauthorized repository due to improper file validation. This issue affects specific versions of the IBM Security Verify Access Appliance and Docker, posing a significant risk of unauthorized data access. Remediation and proper validation techniques are essential to mitigate potential exploitation. Organizations using the affected products should apply the recommended updates to ensure their security.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",6.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-03T01:00:15.237Z,0
CVE-2023-32327,https://securityvulnerability.io/vulnerability/CVE-2023-32327,IBM Security Access Manager Container Vulnerable to XML External Entity Injection Attack,"The XML External Entity Injection vulnerability identified in IBM Security Access Manager Container, specifically in versions 10.0.0.0 through 10.0.6.1 for both the Access Appliance and Docker, allows remote attackers to exploit the product's XML data processing capabilities. This exploitation could lead to the exposure of sensitive data or excessive memory usage, thereby potentially compromising system integrity and performance. It is crucial for users of the affected products to implement necessary security measures to mitigate risks associated with this vulnerability. For further information, refer to IBM's security advisory and vulnerability database entry.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",7.1,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-02-03T00:57:32.934Z,0
CVE-2023-43016,https://securityvulnerability.io/vulnerability/CVE-2023-43016,Empty Password Vulnerability in IBM Security Access Manager Container Could Allow Remote User Logins,"A vulnerability exists within IBM Security Access Manager that may permit unauthorized remote access to the underlying server. This issue arises from the presence of user accounts configured with no password, allowing potential attackers to authenticate without proper credentials. The affected versions include IBM Security Verify Access Appliance and Docker from 10.0.0.0 to 10.0.6.1. Organizations utilizing these software products should review their account configuration practices to mitigate the risk of unauthorized logins and protect sensitive information.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",7.3,HIGH,0.0006900000153109431,false,,false,false,false,,,false,false,,2024-02-03T00:55:55.841Z,0
CVE-2023-30999,https://securityvulnerability.io/vulnerability/CVE-2023-30999,IBM Security Access Manager Container Denial of Service Vulnerability,"A vulnerability in the IBM Security Access Manager Container allows attackers to exploit uncontrolled resource consumption, which can lead to a denial of service. This issue affects both the IBM Security Verify Access Appliance and the IBM Security Verify Access Docker across specific versions, potentially compromising the availability of services relying on these products. Organizations leveraging these tools should review their configurations and updates to ensure they are safeguarded against this vulnerability.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",7.5,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2024-02-03T00:31:31.771Z,0
CVE-2023-31005,https://securityvulnerability.io/vulnerability/CVE-2023-31005,IBM Security Access Manager Container Privilege Escalation Vulnerability,"A security configuration issue in IBM Security Access Manager Container enables local users to potentially escalate their privileges within the system. This issue affects versions 10.0.0.0 through 10.0.6.1 of both the IBM Security Verify Access Appliance and the Docker version. Due to improper security settings, local users may exploit this vulnerability to gain elevated rights, compromising the system's integrity and security. Prompt attention and remediation are advisable to mitigate potential exploitation risks.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2024-02-03T00:17:52.461Z,0
CVE-2023-38267,https://securityvulnerability.io/vulnerability/CVE-2023-38267,IBM Security Access Manager Appliance information disclosure,"A vulnerability within the IBM Security Access Manager Appliance versions 10.0.0.0 through 10.0.6.1 and the IBM Security Verify Access Docker version 10.0.6.1 has been identified, potentially allowing a local user to elevate their privileges. This scenario arises due to sensitive configuration information being exposed, which could be exploited if accessed by unauthorized users. The potential impact emphasizes the importance of securing configuration settings to mitigate risks associated with privilege escalation.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",6.2,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2024-01-11T02:48:49.237Z,0
CVE-2023-31001,https://securityvulnerability.io/vulnerability/CVE-2023-31001,IBM Security Access Manager Container information disclosure,"IBM Security Access Manager Container suffers from a vulnerability that temporarily saves sensitive user information in local files, which can be accessed by unauthorized local users. This exposure poses significant risks to the confidentiality and integrity of data stored within the system, necessitating immediate attention and remediation actions to safeguard against potential data breaches.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2024-01-11T02:44:33.092Z,0
CVE-2023-31003,https://securityvulnerability.io/vulnerability/CVE-2023-31003,IBM Security Access Manager Container privilege escalation,"The IBM Security Access Manager, specifically within the IBM Security Verify Access Appliance and Docker versions, is susceptible to a flaw that may allow a local user to gain unauthorized root access. This vulnerability arises from improper access controls that fail to adequately secure administrative functionalities, potentially leading to serious implications for system integrity and sensitive data exposure. Organizations using the affected versions are strongly advised to review their deployment configurations and apply any available patches to mitigate risks associated with this vulnerability.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2024-01-11T02:22:44.925Z,0