cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-45647,https://securityvulnerability.io/vulnerability/CVE-2024-45647,Password Modification Vulnerability in IBM Security Verify Access,"A vulnerability exists in IBM Security Verify Access versions 10.0.0 through 10.0.8, including the Docker version. This flaw allows an unverified user to change the password of an expired user account without needing to know the original password, enabling unauthorized access to sensitive information and resources.",IBM,"Security Verify Access,Security Verify Access Docker",9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-20T14:50:54.184Z,0
CVE-2024-35141,https://securityvulnerability.io/vulnerability/CVE-2024-35141,Local Privilege Escalation Vulnerability in IBM Security Verify Access Docker,"CVE-2024-35141 is a local privilege escalation vulnerability found in IBM Security Verify Access Docker versions 10.0.0 through 10.0.6. This vulnerability arises from inadequate execution permissions that may allow a local user to gain elevated privileges. This could potentially enable attackers to execute unauthorized actions on the system, posing significant security risks. It is crucial for organizations utilizing affected versions to implement the necessary patches and updates as recommended by IBM to mitigate this vulnerability. For more information, refer to the vendor advisory at IBM's support page.",IBM,Security Verify Access Docker,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T01:10:05.711Z,0
CVE-2024-35133,https://securityvulnerability.io/vulnerability/CVE-2024-35133,IBM Security Verify Access Vulnerability Could Lead to Phishing Attacks,"IBM Security Verify Access versions 10.0.0 through 10.0.8 present an open redirect vulnerability in the OIDC Provider, which can be exploited by remote authenticated attackers to perform phishing attacks. By convincing users to navigate to a specially designed link, attackers can manipulate the displayed URL, redirecting users to malicious sites disguised as legitimate ones. This exploitation can lead to the theft of sensitive information or enable further compromise of the victim's security.",IBM,"Security Verify Access,Security Verify Access Docker",8.2,HIGH,0.0007399999885819852,false,,false,false,true,2024-10-18T18:49:27.000Z,true,false,false,,2024-08-29T16:39:43.913Z,0
CVE-2024-35139,https://securityvulnerability.io/vulnerability/CVE-2024-35139,IBM Security Access Manager Docker vulnerability could expose sensitive information,IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415.,IBM,Security Verify Access Docker,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-28T15:42:04.309Z,0
CVE-2024-35137,https://securityvulnerability.io/vulnerability/CVE-2024-35137,IBM Security Access Manager Docker vulnerability could lead to elevated privileges,IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413.,IBM,Security Verify Access Docker,6.2,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-28T15:33:11.156Z,0
CVE-2024-35142,https://securityvulnerability.io/vulnerability/CVE-2024-35142,Unnecessary Privileges Could Lead to Escalation of Local User Privileges,"A vulnerability in IBM Security Verify Access Docker versions 10.0.0 through 10.0.6 allows a local user to escalate their privileges due to unnecessary privilege execution. This flaw could potentially enable attackers to exploit the system and gain elevated access, compromising the integrity and security of the environment. Addressing this vulnerability is crucial for organizations utilizing these versions to ensure their systems remain secure against local privilege escalation threats.",IBM,Security Verify Access Docker,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-31T16:57:37.135Z,0
CVE-2024-35140,https://securityvulnerability.io/vulnerability/CVE-2024-35140,IBM Security Verify Access Docker Vulnerability Could Lead to Privilege Escalation,"A vulnerability in IBM Security Verify Access Docker allows local users to escalate their privileges due to improper handling of certificate validation. The affected versions, ranging from 10.0.0 to 10.0.6, pose a risk of unauthorized access, potentially leading to further exploitation by malicious users. Organizations running these versions should apply necessary patches and evaluate their security postures to prevent potential breaches.",IBM,Security Verify Access Docker,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-31T16:53:08.654Z,0
CVE-2024-25027,https://securityvulnerability.io/vulnerability/CVE-2024-25027,IBM Security Verify Access Container information disclosure,IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607.,IBM,Security Verify Access Docker,6.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-31T12:15:00.000Z,0
CVE-2023-38369,https://securityvulnerability.io/vulnerability/CVE-2023-38369,IBM Security Access Manager Container Vulnerability,"IBM Security Access Manager Container versions 10.0.0.0 through 10.0.6.1 have a concerning vulnerability relating to the enforcement of password policies for Docker images. By default, these products do not mandate strong passwords, which can facilitate unauthorized access and compromise user accounts. The lack of a secure password requirement highlights the importance of implementing effective security measures to protect sensitive information and maintain the integrity of user accounts. Organizations using these particular versions should assess their security configurations, ensuring that robust password policies and best practices are enforced to mitigate risks associated with weak authentication mechanisms.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",7.5,HIGH,0.0006699999794363976,false,,false,false,false,,,false,false,,2024-02-07T16:15:04.324Z,0
CVE-2023-31002,https://securityvulnerability.io/vulnerability/CVE-2023-31002,Sensitive Information Stored in Accessible Files,"IBM Security Access Manager Container versions 10.0.0.0 to 10.0.6.1 exhibit a vulnerability where sensitive information is stored temporarily in files. This information can be accessed by a local user, potentially leading to unauthorized access to sensitive data. System administrators and security professionals should be aware of this issue and take appropriate measures to mitigate the risk.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",5.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2024-02-07T16:13:14.870Z,0
CVE-2023-43017,https://securityvulnerability.io/vulnerability/CVE-2023-43017,Potential Remote Access Vulnerability in IBM Security Verify Access,"IBM Security Verify Access versions 10.0.0.0 through 10.0.6.1 are susceptible to a vulnerability that permits a privileged user to install a configuration file. This capability can lead to unauthorized remote access, posing significant security risks. Organizations utilizing IBM Security Verify Access should assess their environments, ensure proper permissions are enforced, and apply necessary mitigations to protect against potential exploitation.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",7.2,HIGH,0.000590000010561198,false,,false,false,false,,,false,false,,2024-02-07T16:10:54.183Z,0
CVE-2023-32330,https://securityvulnerability.io/vulnerability/CVE-2023-32330,Insecure Calls in IBM Security Verify Access Could Lead to Server Takeover,"IBM Security Verify Access versions 10.0.0.0 to 10.0.6.1 have a vulnerability due to the use of insecure calls that can be exploited by an attacker on the network. This flaw may allow unauthorized users to execute arbitrary code remotely, leading to potential server control compromise. Organizations utilizing this software should take immediate steps to apply security patches or updates as recommended by IBM to mitigate the risks associated with this vulnerability.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",9.8,CRITICAL,0.0008399999933317304,false,,false,false,false,,,false,false,,2024-02-07T16:09:01.182Z,0
CVE-2023-32328,https://securityvulnerability.io/vulnerability/CVE-2023-32328,Insecure Protocols in IBM Security Verify Access Could Lead to Server Takeover,"IBM Security Verify Access versions 10.0.0.0 through 10.0.6.1 contain a vulnerability due to the use of insecure protocols. This could enable an unauthorized attacker on the network to gain control of the server, potentially leading to unauthorized data access and manipulation. Organizations using these affected versions are advised to review their security posture and implement necessary mitigations to safeguard against potential exploits.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",9.8,CRITICAL,0.0008399999933317304,false,,false,false,false,,,false,false,,2024-02-07T16:07:06.935Z,0
CVE-2023-31006,https://securityvulnerability.io/vulnerability/CVE-2023-31006,IBM Security Access Manager Container Under Denial of Service Attack,"A denial of service vulnerability has been identified in the IBM Security Access Manager Container, impacting both the IBM Security Verify Access Appliance and its Docker counterpart. These versions are susceptible to attacks that may result in a disruption of services by targeting the DSC server, preventing legitimate users from accessing critical functions. Organizations should prioritize assessing their systems for exposure and explore available patches and mitigation recommendations to safeguard against potential attacks.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",6.5,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2024-02-03T01:05:14.622Z,0
CVE-2023-31004,https://securityvulnerability.io/vulnerability/CVE-2023-31004,Remote Attack via Man-in-the-Middle Techniques,"The vulnerability in IBM Security Access Manager Container enables remote attackers to exploit the system using man-in-the-middle techniques. Attackers can potentially gain unauthorized access to the underlying system, posing significant security risks to organizations relying on IBM Security Verify Access Appliance and Docker versions within the specified range. Proper measures and updates are crucial to safeguard against such vulnerabilities.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",9,CRITICAL,0.0007300000288523734,false,,false,false,false,,,false,false,,2024-02-03T01:03:35.459Z,0
CVE-2023-32329,https://securityvulnerability.io/vulnerability/CVE-2023-32329,Container Vulnerability Could Allow Download of Incorrect Files,"A vulnerability in IBM Security Access Manager Container allows users to download files from an unauthorized repository due to improper file validation. This issue affects specific versions of the IBM Security Verify Access Appliance and Docker, posing a significant risk of unauthorized data access. Remediation and proper validation techniques are essential to mitigate potential exploitation. Organizations using the affected products should apply the recommended updates to ensure their security.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",6.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-03T01:00:15.237Z,0
CVE-2023-32327,https://securityvulnerability.io/vulnerability/CVE-2023-32327,IBM Security Access Manager Container Vulnerable to XML External Entity Injection Attack,"The XML External Entity Injection vulnerability identified in IBM Security Access Manager Container, specifically in versions 10.0.0.0 through 10.0.6.1 for both the Access Appliance and Docker, allows remote attackers to exploit the product's XML data processing capabilities. This exploitation could lead to the exposure of sensitive data or excessive memory usage, thereby potentially compromising system integrity and performance. It is crucial for users of the affected products to implement necessary security measures to mitigate risks associated with this vulnerability. For further information, refer to IBM's security advisory and vulnerability database entry.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",7.1,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-02-03T00:57:32.934Z,0
CVE-2023-43016,https://securityvulnerability.io/vulnerability/CVE-2023-43016,Empty Password Vulnerability in IBM Security Access Manager Container Could Allow Remote User Logins,"A vulnerability exists within IBM Security Access Manager that may permit unauthorized remote access to the underlying server. This issue arises from the presence of user accounts configured with no password, allowing potential attackers to authenticate without proper credentials. The affected versions include IBM Security Verify Access Appliance and Docker from 10.0.0.0 to 10.0.6.1. Organizations utilizing these software products should review their account configuration practices to mitigate the risk of unauthorized logins and protect sensitive information.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",7.3,HIGH,0.0006900000153109431,false,,false,false,false,,,false,false,,2024-02-03T00:55:55.841Z,0
CVE-2023-30999,https://securityvulnerability.io/vulnerability/CVE-2023-30999,IBM Security Access Manager Container Denial of Service Vulnerability,"A vulnerability in the IBM Security Access Manager Container allows attackers to exploit uncontrolled resource consumption, which can lead to a denial of service. This issue affects both the IBM Security Verify Access Appliance and the IBM Security Verify Access Docker across specific versions, potentially compromising the availability of services relying on these products. Organizations leveraging these tools should review their configurations and updates to ensure they are safeguarded against this vulnerability.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",7.5,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2024-02-03T00:31:31.771Z,0
CVE-2023-31005,https://securityvulnerability.io/vulnerability/CVE-2023-31005,IBM Security Access Manager Container Privilege Escalation Vulnerability,"A security configuration issue in IBM Security Access Manager Container enables local users to potentially escalate their privileges within the system. This issue affects versions 10.0.0.0 through 10.0.6.1 of both the IBM Security Verify Access Appliance and the Docker version. Due to improper security settings, local users may exploit this vulnerability to gain elevated rights, compromising the system's integrity and security. Prompt attention and remediation are advisable to mitigate potential exploitation risks.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2024-02-03T00:17:52.461Z,0
CVE-2023-38267,https://securityvulnerability.io/vulnerability/CVE-2023-38267,IBM Security Access Manager Appliance information disclosure,"A vulnerability within the IBM Security Access Manager Appliance versions 10.0.0.0 through 10.0.6.1 and the IBM Security Verify Access Docker version 10.0.6.1 has been identified, potentially allowing a local user to elevate their privileges. This scenario arises due to sensitive configuration information being exposed, which could be exploited if accessed by unauthorized users. The potential impact emphasizes the importance of securing configuration settings to mitigate risks associated with privilege escalation.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",6.2,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2024-01-11T02:48:49.237Z,0
CVE-2023-31001,https://securityvulnerability.io/vulnerability/CVE-2023-31001,IBM Security Access Manager Container information disclosure,"IBM Security Access Manager Container suffers from a vulnerability that temporarily saves sensitive user information in local files, which can be accessed by unauthorized local users. This exposure poses significant risks to the confidentiality and integrity of data stored within the system, necessitating immediate attention and remediation actions to safeguard against potential data breaches.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2024-01-11T02:44:33.092Z,0
CVE-2023-31003,https://securityvulnerability.io/vulnerability/CVE-2023-31003,IBM Security Access Manager Container privilege escalation,"The IBM Security Access Manager, specifically within the IBM Security Verify Access Appliance and Docker versions, is susceptible to a flaw that may allow a local user to gain unauthorized root access. This vulnerability arises from improper access controls that fail to adequately secure administrative functionalities, potentially leading to serious implications for system integrity and sensitive data exposure. Organizations using the affected versions are strongly advised to review their deployment configurations and apply any available patches to mitigate risks associated with this vulnerability.",IBM,"Security Verify Access Appliance,Security Verify Access Docker",7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2024-01-11T02:22:44.925Z,0
CVE-2023-30433,https://securityvulnerability.io/vulnerability/CVE-2023-30433,IBM Security Verify Access HTTP open redirect,"IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 252186.",IBM,Security Verify Access Docker,6.5,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2023-07-19T01:15:00.000Z,0
CVE-2021-39070,https://securityvulnerability.io/vulnerability/CVE-2021-39070,Authentication Bypass Vulnerability in IBM Security Verify Access,"A vulnerability exists in IBM Security Verify Access versions 10.0.0.0, 10.0.1.0, and 10.0.2.0 that allows attackers with the advanced access control authentication service enabled to authenticate as any user. This vulnerability poses serious security risks as it circumvents normal authentication processes, potentially allowing unauthorized access to sensitive data and systems. Organizations using these versions should promptly assess their configurations and implement appropriate mitigations.",IBM,"Security Verify Access,Security Verify Access Docker",9.8,CRITICAL,0.0019499999471008778,false,,false,false,false,,,false,false,,2022-02-02T12:15:00.000Z,0