Search criteria
121 vulnerabilities found for Security Verify Access by IBM
CVE-2025-36087 (GCVE-0-2025-36087)
Vulnerability from nvd – Published: 2025-10-13 00:38 – Updated: 2025-10-15 13:46
VLAI?
Title
IBM Security Verify Access hard coded credentials
Summary
IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Severity ?
8.1 (High)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Security Verify Access |
Affected:
10.0.0 , ≤ 10.0.9
(semver)
Affected: 11.0.0 cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.9.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:11.0.0.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T13:46:15.602167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T13:46:30.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:11.0.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "11.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:11.0.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Verify Identity Access Container",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "11.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data."
}
],
"value": "IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T00:38:14.262Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7247753"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Security Verify Access 10.0.0 - 10.0.9\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security\u0026amp;product=ibm/Tivoli/IBM+Security+Verify+Access\u0026amp;release=10.0.9.0\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=10.0.9.0-ISS-ISVA-IF0002\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003eDownload IBM Security Verify Access v10.0.9 IF2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Verify Identity Access 11.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/download-ibm-verify-identity-access-v1101\"\u003eDownload IBM Verify Identity Access v11.0.1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM Security Verify Access 10.0.0 - 10.0.9\n\n Download IBM Security Verify Access v10.0.9 IF2 https://www.ibm.com/support/fixcentral/swg/downloadFixes \n\nIBM Verify Identity Access 11.0\n\n Download IBM Verify Identity Access v11.0.1 https://www.ibm.com/support/pages/download-ibm-verify-identity-access-v1101"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access hard coded credentials",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36087",
"datePublished": "2025-10-13T00:38:14.262Z",
"dateReserved": "2025-04-15T21:16:13.891Z",
"dateUpdated": "2025-10-15T13:46:30.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0163 (GCVE-0-2025-0163)
Vulnerability from nvd – Published: 2025-06-11 14:20 – Updated: 2025-08-24 11:55
VLAI?
Title
IBM Security Verify Access information disclosure
Summary
IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts.
Severity ?
5.3 (Medium)
CWE
- CWE-204 - Response Discrepancy Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Security Verify Access |
Affected:
10.0 , ≤ 10.0.8
(semver)
cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T14:40:40.077464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T14:40:48.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.8",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access Docker",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.8",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts."
}
],
"value": "IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Response Discrepancy Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:55:49.924Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7236314"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM encourages customers to update their systems promptly.\u003cbr\u003e\u003cbr\u003ePassport Advantage\u003cbr\u003eIBM Security Verify Access 10.0.9: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7177661\"\u003ehttps://www.ibm.com/support/pages/node/7177661\u003c/a\u003e\u003cbr\u003eIBM Verify Identity Access 11.0: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7167873\"\u003ehttps://www.ibm.com/support/pages/node/7167873\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eFix Central\u003cbr\u003e Product Name\u003cbr\u003e Fixed in VRMF\u003cbr\u003e\u003cbr\u003eFix availability\u003cbr\u003eIBM Security Verify Access 10.0.9 10.0.9-ISS-ISVA-FP0000 \u003cbr\u003eIBM Verify Identity Access 11.0 11.0.0-ISS-IVIA-FP0000 \u003cbr\u003e\u003cbr\u003eDocker\u003cbr\u003eLog into IBM Cloud Registry and then execute the corresponding commands as the following: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7167873#container\"\u003ehttps://www.ibm.com/support/pages/node/7167873#container\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\nPassport Advantage\nIBM Security Verify Access 10.0.9: https://www.ibm.com/support/pages/node/7177661 \nIBM Verify Identity Access 11.0: https://www.ibm.com/support/pages/node/7167873 \n\nFix Central\n Product Name\n Fixed in VRMF\n\nFix availability\nIBM Security Verify Access 10.0.9 10.0.9-ISS-ISVA-FP0000 \nIBM Verify Identity Access 11.0 11.0.0-ISS-IVIA-FP0000 \n\nDocker\nLog into IBM Cloud Registry and then execute the corresponding commands as the following: https://www.ibm.com/support/pages/node/7167873#container"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-0163",
"datePublished": "2025-06-11T14:20:28.855Z",
"dateReserved": "2024-12-31T19:09:14.912Z",
"dateUpdated": "2025-08-24T11:55:49.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0161 (GCVE-0-2025-0161)
Vulnerability from nvd – Published: 2025-02-20 16:02 – Updated: 2025-08-11 16:53
VLAI?
Title
IBM Security Verify Access Appliance code injection
Summary
IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation.
Severity ?
7.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Verify Access |
Affected:
10.0.0.0 , ≤ 10.0.0.9
(semver)
Affected: 11.0.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T16:22:54.565528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T16:23:08.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.0.9",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "11.0.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation.\u003c/span\u003e"
}
],
"value": "IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T16:53:22.730Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7183788"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access Appliance code injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-0161",
"datePublished": "2025-02-20T16:02:37.156Z",
"dateReserved": "2024-12-31T19:09:12.900Z",
"dateUpdated": "2025-08-11T16:53:22.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45647 (GCVE-0-2024-45647)
Vulnerability from nvd – Published: 2025-01-20 14:50 – Updated: 2025-01-21 20:08
VLAI?
Title
IBM Security Verify Access unverified password change
Summary
IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password.
Severity ?
5.6 (Medium)
CWE
- CWE-620 - Unverified Password Change
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Security Verify Access |
Affected:
10.0.0 , ≤ 10.0.8
(semver)
cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T20:07:29.261341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T20:08:31.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.8",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access Docker",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.8",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password."
}
],
"value": "IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-20T14:50:54.184Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7176212"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access unverified password change",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-45647",
"datePublished": "2025-01-20T14:50:54.184Z",
"dateReserved": "2024-09-03T13:50:17.060Z",
"dateUpdated": "2025-01-21T20:08:31.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49806 (GCVE-0-2024-49806)
Vulnerability from nvd – Published: 2024-11-29 16:53 – Updated: 2024-11-29 17:09
VLAI?
Title
IBM Security Verify Access Appliance hard coded credentials
Summary
IBM Security Verify Access Appliance 10.0.0 through 10.0.8
contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Severity ?
9.4 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Verify Access |
Affected:
10.0.0 , ≤ 10.0.8
(semver)
cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49806",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T17:02:32.019925Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T17:09:49.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.8",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Security Verify Access Appliance 10.0.0 through 10.0.8 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003econtains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "IBM Security Verify Access Appliance 10.0.0 through 10.0.8 \n\ncontains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:53:45.208Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7177447"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access Appliance hard coded credentials",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-49806",
"datePublished": "2024-11-29T16:53:45.208Z",
"dateReserved": "2024-10-20T13:40:24.084Z",
"dateUpdated": "2024-11-29T17:09:49.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49805 (GCVE-0-2024-49805)
Vulnerability from nvd – Published: 2024-11-29 16:52 – Updated: 2024-11-29 17:09
VLAI?
Title
IBM Security Verify Access Appliance hard coded credentials
Summary
IBM Security Verify Access Appliance 10.0.0 through 10.0.8
contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Severity ?
9.4 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Verify Access |
Affected:
10.0.0 , ≤ 10.0.8
(semver)
cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49805",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T17:02:39.412885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T17:09:49.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.8",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Security Verify Access Appliance 10.0.0 through 10.0.8 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003econtains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "IBM Security Verify Access Appliance 10.0.0 through 10.0.8 \n\ncontains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:55:50.852Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7177447"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access Appliance hard coded credentials",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-49805",
"datePublished": "2024-11-29T16:52:15.174Z",
"dateReserved": "2024-10-20T13:40:24.084Z",
"dateUpdated": "2024-11-29T17:09:49.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49804 (GCVE-0-2024-49804)
Vulnerability from nvd – Published: 2024-11-29 16:55 – Updated: 2024-11-29 17:09
VLAI?
Title
IBM Security Verify Access Appliance privilege escalation
Summary
IBM Security Verify Access Appliance 10.0.0 through 10.0.8
could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks.
Severity ?
7.8 (High)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Verify Access |
Affected:
10.0.0 , ≤ 10.0.8
(semver)
cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T17:02:23.334682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T17:09:49.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.8",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Security Verify Access Appliance 10.0.0 through 10.0.8 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks. \u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "IBM Security Verify Access Appliance 10.0.0 through 10.0.8 \n\ncould allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:55:32.323Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7177447"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access Appliance privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-49804",
"datePublished": "2024-11-29T16:55:32.323Z",
"dateReserved": "2024-10-20T13:40:24.084Z",
"dateUpdated": "2024-11-29T17:09:49.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49803 (GCVE-0-2024-49803)
Vulnerability from nvd – Published: 2024-11-29 16:50 – Updated: 2024-11-29 17:09
VLAI?
Title
IBM Security Verify Access Appliance command execution
Summary
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Verify Access |
Affected:
10.0.0 , ≤ 10.0.8
(semver)
cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T17:02:47.156364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T17:09:49.402Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.8",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.\u003c/span\u003e"
}
],
"value": "IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:50:31.964Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7177447"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access Appliance command execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-49803",
"datePublished": "2024-11-29T16:50:31.964Z",
"dateReserved": "2024-10-20T13:40:24.084Z",
"dateUpdated": "2024-11-29T17:09:49.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35133 (GCVE-0-2024-35133)
Vulnerability from nvd – Published: 2024-08-29 16:39 – Updated: 2024-09-21 09:58
VLAI?
Title
IBM Security Verify Access HTTP open redirect
Summary
IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
Severity ?
6.8 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Security Verify Access |
Affected:
10.0.0 , ≤ 10.0.8
(semver)
cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.8:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T17:02:51.567380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T17:03:12.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.8",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Security Verify Access Docker",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.8",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim."
}
],
"value": "IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-21T09:58:17.795Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7166712"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/291026"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access HTTP open redirect",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-35133",
"datePublished": "2024-08-29T16:39:43.913Z",
"dateReserved": "2024-05-09T16:27:27.133Z",
"dateUpdated": "2024-09-21T09:58:17.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31883 (GCVE-0-2024-31883)
Vulnerability from nvd – Published: 2024-06-27 15:50 – Updated: 2024-08-02 01:59
VLAI?
Title
IBM Security Verify Access denial of service
Summary
IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615.
Severity ?
5.3 (Medium)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Verify Access |
Affected:
10.0.0.0 , ≤ 10.0.7.1
(semver)
cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.7.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T17:23:26.234798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T17:23:32.454Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:59:50.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7158789"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287615"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.7.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.7.1",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615."
}
],
"value": "IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T15:50:52.220Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158789"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287615"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-31883",
"datePublished": "2024-06-27T15:50:52.220Z",
"dateReserved": "2024-04-07T12:44:46.961Z",
"dateUpdated": "2024-08-02T01:59:50.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36087 (GCVE-0-2025-36087)
Vulnerability from cvelistv5 – Published: 2025-10-13 00:38 – Updated: 2025-10-15 13:46
VLAI?
Title
IBM Security Verify Access hard coded credentials
Summary
IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Severity ?
8.1 (High)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Security Verify Access |
Affected:
10.0.0 , ≤ 10.0.9
(semver)
Affected: 11.0.0 cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.9.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:11.0.0.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T13:46:15.602167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T13:46:30.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:11.0.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "11.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:11.0.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Verify Identity Access Container",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.9",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "11.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data."
}
],
"value": "IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T00:38:14.262Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7247753"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Security Verify Access 10.0.0 - 10.0.9\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security\u0026amp;product=ibm/Tivoli/IBM+Security+Verify+Access\u0026amp;release=10.0.9.0\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=10.0.9.0-ISS-ISVA-IF0002\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003eDownload IBM Security Verify Access v10.0.9 IF2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Verify Identity Access 11.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/download-ibm-verify-identity-access-v1101\"\u003eDownload IBM Verify Identity Access v11.0.1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM Security Verify Access 10.0.0 - 10.0.9\n\n Download IBM Security Verify Access v10.0.9 IF2 https://www.ibm.com/support/fixcentral/swg/downloadFixes \n\nIBM Verify Identity Access 11.0\n\n Download IBM Verify Identity Access v11.0.1 https://www.ibm.com/support/pages/download-ibm-verify-identity-access-v1101"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access hard coded credentials",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36087",
"datePublished": "2025-10-13T00:38:14.262Z",
"dateReserved": "2025-04-15T21:16:13.891Z",
"dateUpdated": "2025-10-15T13:46:30.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0163 (GCVE-0-2025-0163)
Vulnerability from cvelistv5 – Published: 2025-06-11 14:20 – Updated: 2025-08-24 11:55
VLAI?
Title
IBM Security Verify Access information disclosure
Summary
IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts.
Severity ?
5.3 (Medium)
CWE
- CWE-204 - Response Discrepancy Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Security Verify Access |
Affected:
10.0 , ≤ 10.0.8
(semver)
cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T14:40:40.077464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T14:40:48.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.8",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access Docker",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.8",
"status": "affected",
"version": "10.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts."
}
],
"value": "IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Response Discrepancy Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:55:49.924Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7236314"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM encourages customers to update their systems promptly.\u003cbr\u003e\u003cbr\u003ePassport Advantage\u003cbr\u003eIBM Security Verify Access 10.0.9: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7177661\"\u003ehttps://www.ibm.com/support/pages/node/7177661\u003c/a\u003e\u003cbr\u003eIBM Verify Identity Access 11.0: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7167873\"\u003ehttps://www.ibm.com/support/pages/node/7167873\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eFix Central\u003cbr\u003e Product Name\u003cbr\u003e Fixed in VRMF\u003cbr\u003e\u003cbr\u003eFix availability\u003cbr\u003eIBM Security Verify Access 10.0.9 10.0.9-ISS-ISVA-FP0000 \u003cbr\u003eIBM Verify Identity Access 11.0 11.0.0-ISS-IVIA-FP0000 \u003cbr\u003e\u003cbr\u003eDocker\u003cbr\u003eLog into IBM Cloud Registry and then execute the corresponding commands as the following: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7167873#container\"\u003ehttps://www.ibm.com/support/pages/node/7167873#container\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\nPassport Advantage\nIBM Security Verify Access 10.0.9: https://www.ibm.com/support/pages/node/7177661 \nIBM Verify Identity Access 11.0: https://www.ibm.com/support/pages/node/7167873 \n\nFix Central\n Product Name\n Fixed in VRMF\n\nFix availability\nIBM Security Verify Access 10.0.9 10.0.9-ISS-ISVA-FP0000 \nIBM Verify Identity Access 11.0 11.0.0-ISS-IVIA-FP0000 \n\nDocker\nLog into IBM Cloud Registry and then execute the corresponding commands as the following: https://www.ibm.com/support/pages/node/7167873#container"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-0163",
"datePublished": "2025-06-11T14:20:28.855Z",
"dateReserved": "2024-12-31T19:09:14.912Z",
"dateUpdated": "2025-08-24T11:55:49.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0161 (GCVE-0-2025-0161)
Vulnerability from cvelistv5 – Published: 2025-02-20 16:02 – Updated: 2025-08-11 16:53
VLAI?
Title
IBM Security Verify Access Appliance code injection
Summary
IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation.
Severity ?
7.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Verify Access |
Affected:
10.0.0.0 , ≤ 10.0.0.9
(semver)
Affected: 11.0.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T16:22:54.565528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T16:23:08.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.0.9",
"status": "affected",
"version": "10.0.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "11.0.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation.\u003c/span\u003e"
}
],
"value": "IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T16:53:22.730Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7183788"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access Appliance code injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-0161",
"datePublished": "2025-02-20T16:02:37.156Z",
"dateReserved": "2024-12-31T19:09:12.900Z",
"dateUpdated": "2025-08-11T16:53:22.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45647 (GCVE-0-2024-45647)
Vulnerability from cvelistv5 – Published: 2025-01-20 14:50 – Updated: 2025-01-21 20:08
VLAI?
Title
IBM Security Verify Access unverified password change
Summary
IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password.
Severity ?
5.6 (Medium)
CWE
- CWE-620 - Unverified Password Change
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Security Verify Access |
Affected:
10.0.0 , ≤ 10.0.8
(semver)
cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T20:07:29.261341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T20:08:31.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.8",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access Docker",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.8",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password."
}
],
"value": "IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-20T14:50:54.184Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7176212"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access unverified password change",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-45647",
"datePublished": "2025-01-20T14:50:54.184Z",
"dateReserved": "2024-09-03T13:50:17.060Z",
"dateUpdated": "2025-01-21T20:08:31.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49804 (GCVE-0-2024-49804)
Vulnerability from cvelistv5 – Published: 2024-11-29 16:55 – Updated: 2024-11-29 17:09
VLAI?
Title
IBM Security Verify Access Appliance privilege escalation
Summary
IBM Security Verify Access Appliance 10.0.0 through 10.0.8
could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks.
Severity ?
7.8 (High)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Verify Access |
Affected:
10.0.0 , ≤ 10.0.8
(semver)
cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T17:02:23.334682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T17:09:49.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.8",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Security Verify Access Appliance 10.0.0 through 10.0.8 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks. \u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "IBM Security Verify Access Appliance 10.0.0 through 10.0.8 \n\ncould allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:55:32.323Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7177447"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access Appliance privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-49804",
"datePublished": "2024-11-29T16:55:32.323Z",
"dateReserved": "2024-10-20T13:40:24.084Z",
"dateUpdated": "2024-11-29T17:09:49.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49806 (GCVE-0-2024-49806)
Vulnerability from cvelistv5 – Published: 2024-11-29 16:53 – Updated: 2024-11-29 17:09
VLAI?
Title
IBM Security Verify Access Appliance hard coded credentials
Summary
IBM Security Verify Access Appliance 10.0.0 through 10.0.8
contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Severity ?
9.4 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Verify Access |
Affected:
10.0.0 , ≤ 10.0.8
(semver)
cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49806",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T17:02:32.019925Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T17:09:49.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.8",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Security Verify Access Appliance 10.0.0 through 10.0.8 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003econtains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "IBM Security Verify Access Appliance 10.0.0 through 10.0.8 \n\ncontains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:53:45.208Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7177447"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access Appliance hard coded credentials",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-49806",
"datePublished": "2024-11-29T16:53:45.208Z",
"dateReserved": "2024-10-20T13:40:24.084Z",
"dateUpdated": "2024-11-29T17:09:49.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49805 (GCVE-0-2024-49805)
Vulnerability from cvelistv5 – Published: 2024-11-29 16:52 – Updated: 2024-11-29 17:09
VLAI?
Title
IBM Security Verify Access Appliance hard coded credentials
Summary
IBM Security Verify Access Appliance 10.0.0 through 10.0.8
contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Severity ?
9.4 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Verify Access |
Affected:
10.0.0 , ≤ 10.0.8
(semver)
cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49805",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T17:02:39.412885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T17:09:49.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.8",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Security Verify Access Appliance 10.0.0 through 10.0.8 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003econtains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "IBM Security Verify Access Appliance 10.0.0 through 10.0.8 \n\ncontains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:55:50.852Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7177447"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access Appliance hard coded credentials",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-49805",
"datePublished": "2024-11-29T16:52:15.174Z",
"dateReserved": "2024-10-20T13:40:24.084Z",
"dateUpdated": "2024-11-29T17:09:49.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49803 (GCVE-0-2024-49803)
Vulnerability from cvelistv5 – Published: 2024-11-29 16:50 – Updated: 2024-11-29 17:09
VLAI?
Title
IBM Security Verify Access Appliance command execution
Summary
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Security Verify Access |
Affected:
10.0.0 , ≤ 10.0.8
(semver)
cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T17:02:47.156364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T17:09:49.402Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.8",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.\u003c/span\u003e"
}
],
"value": "IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:50:31.964Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7177447"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access Appliance command execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-49803",
"datePublished": "2024-11-29T16:50:31.964Z",
"dateReserved": "2024-10-20T13:40:24.084Z",
"dateUpdated": "2024-11-29T17:09:49.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35133 (GCVE-0-2024-35133)
Vulnerability from cvelistv5 – Published: 2024-08-29 16:39 – Updated: 2024-09-21 09:58
VLAI?
Title
IBM Security Verify Access HTTP open redirect
Summary
IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
Severity ?
6.8 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Security Verify Access |
Affected:
10.0.0 , ≤ 10.0.8
(semver)
cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.8:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T17:02:51.567380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T17:03:12.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.8",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Security Verify Access Docker",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.8",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim."
}
],
"value": "IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-21T09:58:17.795Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7166712"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/291026"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access HTTP open redirect",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-35133",
"datePublished": "2024-08-29T16:39:43.913Z",
"dateReserved": "2024-05-09T16:27:27.133Z",
"dateUpdated": "2024-09-21T09:58:17.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202404-1065
Vulnerability from variot - Updated: 2025-08-16 23:18IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202404-1065",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "security verify access",
"scope": "gte",
"trust": 1.0,
"vendor": "ibm",
"version": "10.0.0"
},
{
"model": "security verify access",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "10.0.7"
},
{
"model": "application gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "24.03"
},
{
"model": "application gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "ibm",
"version": "20.01"
},
{
"model": "application gateway",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "security verify access",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "10.0.0 to 10.0.7"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027152"
},
{
"db": "NVD",
"id": "CVE-2024-28787"
}
]
},
"cve": "CVE-2024-28787",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "psirt@us.ibm.com",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2024-28787",
"impactScore": 5.8,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-28787",
"impactScore": 5.8,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 10.0,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-28787",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "psirt@us.ibm.com",
"id": "CVE-2024-28787",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-28787",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2024-28787",
"trust": 0.8,
"value": "Critical"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027152"
},
{
"db": "NVD",
"id": "CVE-2024-28787"
},
{
"db": "NVD",
"id": "CVE-2024-28787"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-28787"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-027152"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-28787",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-027152",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027152"
},
{
"db": "NVD",
"id": "CVE-2024-28787"
}
]
},
"id": "VAR-202404-1065",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.64285713
},
"last_update_date": "2025-08-16T23:18:36.131000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "7145828 IBM\u00a0X-Force\u00a0Exchange",
"trust": 0.8,
"url": "https://www.ibm.com/support/pages/node/7145828"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027152"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-650",
"trust": 1.0
},
{
"problemtype": "Server-side allowed HTTP Trust the method (CWE-650) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027152"
},
{
"db": "NVD",
"id": "CVE-2024-28787"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/286584"
},
{
"trust": 1.0,
"url": "https://www.ibm.com/support/pages/node/7145828"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-28787"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027152"
},
{
"db": "NVD",
"id": "CVE-2024-28787"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027152"
},
{
"db": "NVD",
"id": "CVE-2024-28787"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-027152"
},
{
"date": "2024-04-04T18:15:14.200000",
"db": "NVD",
"id": "CVE-2024-28787"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-15T02:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-027152"
},
{
"date": "2025-08-14T18:54:13.063000",
"db": "NVD",
"id": "CVE-2024-28787"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM\u00a0 of \u00a0IBM\u00a0Application\u00a0Gateway\u00a0 and \u00a0Security\u00a0Verify\u00a0Access\u00a0 Server-side allowed \u00a0HTTP\u00a0 Method trust vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027152"
}
],
"trust": 0.8
}
}
VAR-202010-1443
Vulnerability from variot - Updated: 2024-11-23 21:35IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142. Vendor exploits this vulnerability IBM X-Force ID: 186142 Is published as.Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-1443",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "security verify access",
"scope": "eq",
"trust": 3.6,
"vendor": "ibm",
"version": "10.0.0"
},
{
"model": "security access manager",
"scope": "eq",
"trust": 1.8,
"vendor": "ibm",
"version": "9.0.7"
},
{
"model": "security access manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "9.0.7.0"
},
{
"model": "security access manager",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59035"
},
{
"db": "CNVD",
"id": "CNVD-2020-59034"
},
{
"db": "CNVD",
"id": "CNVD-2020-59033"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012245"
},
{
"db": "NVD",
"id": "CVE-2020-4661"
}
]
},
"cve": "CVE-2020-4661",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2020-4661",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CNVD-2020-59035",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CNVD-2020-59034",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CNVD-2020-59033",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "psirt@us.ibm.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2020-4661",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2020-4661",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-4661",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@us.ibm.com",
"id": "CVE-2020-4661",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-4661",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-59035",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2020-59034",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2020-59033",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-333",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59035"
},
{
"db": "CNVD",
"id": "CNVD-2020-59034"
},
{
"db": "CNVD",
"id": "CNVD-2020-59033"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012245"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-333"
},
{
"db": "NVD",
"id": "CVE-2020-4661"
},
{
"db": "NVD",
"id": "CVE-2020-4661"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142. Vendor exploits this vulnerability IBM X-Force ID: 186142 Is published as.Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-4661"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012245"
},
{
"db": "CNVD",
"id": "CNVD-2020-59035"
},
{
"db": "CNVD",
"id": "CNVD-2020-59034"
},
{
"db": "CNVD",
"id": "CNVD-2020-59033"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-333"
}
],
"trust": 3.78
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-4661",
"trust": 4.2
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012245",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-59035",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-59034",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-59033",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3499",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-333",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59035"
},
{
"db": "CNVD",
"id": "CNVD-2020-59034"
},
{
"db": "CNVD",
"id": "CNVD-2020-59033"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012245"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-333"
},
{
"db": "NVD",
"id": "CVE-2020-4661"
}
]
},
"id": "VAR-202010-1443",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59035"
},
{
"db": "CNVD",
"id": "CNVD-2020-59034"
},
{
"db": "CNVD",
"id": "CNVD-2020-59033"
}
],
"trust": 0.18
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 1.8
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59035"
},
{
"db": "CNVD",
"id": "CNVD-2020-59034"
},
{
"db": "CNVD",
"id": "CNVD-2020-59033"
}
]
},
"last_update_date": "2024-11-23T21:35:09.161000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "6346619 IBM\u00a0X-Force\u00a0Exchange",
"trust": 0.8,
"url": "https://www.ibm.com/support/pages/node/6346619"
},
{
"title": "Patch for IBM Security Access Manager and IBM Security Verify Access information disclosure vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/237688"
},
{
"title": "Patch for IBM Security Access Manager and IBM Security Verify Access information disclosure vulnerability (CNVD-2020-59034)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/237685"
},
{
"title": "Patch for IBM Security Access Manager and IBM Security Verify Access information disclosure vulnerability (CNVD-2020-59033)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/237682"
},
{
"title": "IBM Security Access Manager Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130220"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59035"
},
{
"db": "CNVD",
"id": "CNVD-2020-59034"
},
{
"db": "CNVD",
"id": "CNVD-2020-59033"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012245"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-333"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.0
},
{
"problemtype": "Information leakage due to difference in response to security-related processing (CWE-203) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012245"
},
{
"db": "NVD",
"id": "CVE-2020-4661"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-access-manager-and-ibm-security-verify-access-cve-2020-4661-cve-2020-4699-cve-2020-4660/"
},
{
"trust": 1.6,
"url": "https://www.ibm.com/support/pages/node/6346619"
},
{
"trust": 1.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186142"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-4661"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3499/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59035"
},
{
"db": "CNVD",
"id": "CNVD-2020-59034"
},
{
"db": "CNVD",
"id": "CNVD-2020-59033"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012245"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-333"
},
{
"db": "NVD",
"id": "CVE-2020-4661"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-59035"
},
{
"db": "CNVD",
"id": "CNVD-2020-59034"
},
{
"db": "CNVD",
"id": "CNVD-2020-59033"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012245"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-333"
},
{
"db": "NVD",
"id": "CVE-2020-4661"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-59035"
},
{
"date": "2020-10-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-59034"
},
{
"date": "2020-10-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-59033"
},
{
"date": "2021-04-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012245"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-333"
},
{
"date": "2020-10-12T13:15:12.493000",
"db": "NVD",
"id": "CVE-2020-4661"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-59035"
},
{
"date": "2020-10-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-59034"
},
{
"date": "2020-10-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-59033"
},
{
"date": "2021-04-27T09:04:00",
"db": "JVNDB",
"id": "JVNDB-2020-012245"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-333"
},
{
"date": "2024-11-21T05:33:03.900000",
"db": "NVD",
"id": "CVE-2020-4661"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-333"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM\u00a0Security\u00a0Access\u00a0Manager\u00a0 and \u00a0IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0 Vulnerability regarding information leakage due to difference in response to security-related processing",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012245"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-333"
}
],
"trust": 0.6
}
}
VAR-202010-1451
Vulnerability from variot - Updated: 2024-11-23 21:35IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947. Vendor exploits this vulnerability IBM X-Force ID: 186947 Is published as.Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-1451",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "security verify access",
"scope": "eq",
"trust": 2.4,
"vendor": "ibm",
"version": "10.0.0"
},
{
"model": "security access manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "9.0.7.0"
},
{
"model": "security access manager",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "security access manager",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "9.0.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59035"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012246"
},
{
"db": "NVD",
"id": "CVE-2020-4699"
}
]
},
"cve": "CVE-2020-4699",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2020-4699",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CNVD-2020-59035",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "psirt@us.ibm.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2020-4699",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2020-4699",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-4699",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@us.ibm.com",
"id": "CVE-2020-4699",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-4699",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-59035",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-351",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-4699",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59035"
},
{
"db": "VULMON",
"id": "CVE-2020-4699"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012246"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-351"
},
{
"db": "NVD",
"id": "CVE-2020-4699"
},
{
"db": "NVD",
"id": "CVE-2020-4699"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947. Vendor exploits this vulnerability IBM X-Force ID: 186947 Is published as.Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-4699"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012246"
},
{
"db": "CNVD",
"id": "CNVD-2020-59035"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-351"
},
{
"db": "VULMON",
"id": "CVE-2020-4699"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-4699",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012246",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-59035",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3499",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-351",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-4699",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59035"
},
{
"db": "VULMON",
"id": "CVE-2020-4699"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012246"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-351"
},
{
"db": "NVD",
"id": "CVE-2020-4699"
}
]
},
"id": "VAR-202010-1451",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59035"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59035"
}
]
},
"last_update_date": "2024-11-23T21:35:09.132000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "6346619 IBM\u00a0X-Force\u00a0Exchange",
"trust": 0.8,
"url": "https://www.ibm.com/support/pages/node/6346619"
},
{
"title": "Patch for IBM Security Access Manager and IBM Security Verify Access information disclosure vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/237688"
},
{
"title": "IBM Security Verify Access and IBM Security Access Manager Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130221"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59035"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012246"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-351"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.0
},
{
"problemtype": "Information leakage due to difference in response to security-related processing (CWE-203) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012246"
},
{
"db": "NVD",
"id": "CVE-2020-4699"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186947"
},
{
"trust": 1.7,
"url": "https://www.ibm.com/support/pages/node/6346619"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-4699"
},
{
"trust": 1.2,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-access-manager-and-ibm-security-verify-access-cve-2020-4661-cve-2020-4699-cve-2020-4660/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3499/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/203.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59035"
},
{
"db": "VULMON",
"id": "CVE-2020-4699"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012246"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-351"
},
{
"db": "NVD",
"id": "CVE-2020-4699"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-59035"
},
{
"db": "VULMON",
"id": "CVE-2020-4699"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012246"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-351"
},
{
"db": "NVD",
"id": "CVE-2020-4699"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-59035"
},
{
"date": "2020-10-12T00:00:00",
"db": "VULMON",
"id": "CVE-2020-4699"
},
{
"date": "2021-04-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012246"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-351"
},
{
"date": "2020-10-12T13:15:12.570000",
"db": "NVD",
"id": "CVE-2020-4699"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-59035"
},
{
"date": "2020-10-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-4699"
},
{
"date": "2021-04-27T09:04:00",
"db": "JVNDB",
"id": "JVNDB-2020-012246"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-351"
},
{
"date": "2024-11-21T05:33:08.713000",
"db": "NVD",
"id": "CVE-2020-4699"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-351"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM\u00a0Security\u00a0Access\u00a0Manager\u00a0 and \u00a0IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0 Vulnerability regarding information leakage due to difference in response to security-related processing",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012246"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-351"
}
],
"trust": 0.6
}
}
VAR-202010-1442
Vulnerability from variot - Updated: 2024-11-23 21:35IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140. Vendor exploits this vulnerability IBM X-Force ID: 186140 Is published as.Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-1442",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "security verify access",
"scope": "eq",
"trust": 2.4,
"vendor": "ibm",
"version": "10.0.0"
},
{
"model": "security access manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "9.0.7.0"
},
{
"model": "security access manager",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "security access manager",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "9.0.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59033"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012244"
},
{
"db": "NVD",
"id": "CVE-2020-4660"
}
]
},
"cve": "CVE-2020-4660",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2020-4660",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CNVD-2020-59033",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "psirt@us.ibm.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2020-4660",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2020-4660",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-4660",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@us.ibm.com",
"id": "CVE-2020-4660",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-4660",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-59033",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-322",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59033"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012244"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-322"
},
{
"db": "NVD",
"id": "CVE-2020-4660"
},
{
"db": "NVD",
"id": "CVE-2020-4660"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140. Vendor exploits this vulnerability IBM X-Force ID: 186140 Is published as.Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-4660"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012244"
},
{
"db": "CNVD",
"id": "CNVD-2020-59033"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-322"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-4660",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012244",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-59033",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3499",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-322",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59033"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012244"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-322"
},
{
"db": "NVD",
"id": "CVE-2020-4660"
}
]
},
"id": "VAR-202010-1442",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59033"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59033"
}
]
},
"last_update_date": "2024-11-23T21:35:09.106000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "6346619 IBM\u00a0X-Force\u00a0Exchange",
"trust": 0.8,
"url": "https://www.ibm.com/support/pages/node/6346619"
},
{
"title": "Patch for IBM Security Access Manager and IBM Security Verify Access information disclosure vulnerability (CNVD-2020-59033)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/237682"
},
{
"title": "IBM Security Access Manager Appliance Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130219"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59033"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012244"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-322"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.0
},
{
"problemtype": "Information leakage due to difference in response to security-related processing (CWE-203) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012244"
},
{
"db": "NVD",
"id": "CVE-2020-4660"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.ibm.com/support/pages/node/6346619"
},
{
"trust": 1.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186140"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-4660"
},
{
"trust": 1.2,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-access-manager-and-ibm-security-verify-access-cve-2020-4661-cve-2020-4699-cve-2020-4660/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3499/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59033"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012244"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-322"
},
{
"db": "NVD",
"id": "CVE-2020-4660"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-59033"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012244"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-322"
},
{
"db": "NVD",
"id": "CVE-2020-4660"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-59033"
},
{
"date": "2021-04-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012244"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-322"
},
{
"date": "2020-10-12T13:15:12.383000",
"db": "NVD",
"id": "CVE-2020-4660"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-59033"
},
{
"date": "2021-04-27T09:04:00",
"db": "JVNDB",
"id": "JVNDB-2020-012244"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-322"
},
{
"date": "2024-11-21T05:33:03.760000",
"db": "NVD",
"id": "CVE-2020-4660"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-322"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM\u00a0Security\u00a0Access\u00a0Manager\u00a0 and \u00a0IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0 Vulnerability regarding information leakage due to difference in response to security-related processing",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012244"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-322"
}
],
"trust": 0.6
}
}
VAR-202010-1454
Vulnerability from variot - Updated: 2024-11-23 20:20IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216. Vendor exploits this vulnerability IBM X-Force ID: 182216 Is published as.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The product implements access management control through integrated devices for Web, mobile, and cloud computing
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-1454",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "security verify access",
"scope": "eq",
"trust": 1.4,
"vendor": "ibm",
"version": "10.0.0"
},
{
"model": "security access manager",
"scope": "lt",
"trust": 1.0,
"vendor": "ibm",
"version": "9.0.7.2"
},
{
"model": "security verify access",
"scope": "gte",
"trust": 1.0,
"vendor": "ibm",
"version": "10.0.0"
},
{
"model": "security verify access",
"scope": "lt",
"trust": 1.0,
"vendor": "ibm",
"version": "10.0.0.1"
},
{
"model": "security access manager",
"scope": "gte",
"trust": 1.0,
"vendor": "ibm",
"version": "9.0.7.0"
},
{
"model": "security access manager",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "security access manager",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "9.0.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57818"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012332"
},
{
"db": "NVD",
"id": "CVE-2020-4499"
}
]
},
"cve": "CVE-2020-4499",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-4499",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-57818",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-4499",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@us.ibm.com",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2020-4499",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-4499",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-4499",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "psirt@us.ibm.com",
"id": "CVE-2020-4499",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-4499",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-57818",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-651",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-4499",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57818"
},
{
"db": "VULMON",
"id": "CVE-2020-4499"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012332"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-651"
},
{
"db": "NVD",
"id": "CVE-2020-4499"
},
{
"db": "NVD",
"id": "CVE-2020-4499"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216. Vendor exploits this vulnerability IBM X-Force ID: 182216 Is published as.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The product implements access management control through integrated devices for Web, mobile, and cloud computing",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-4499"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012332"
},
{
"db": "CNVD",
"id": "CNVD-2020-57818"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-651"
},
{
"db": "VULMON",
"id": "CVE-2020-4499"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-4499",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012332",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-57818",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "50180",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3558",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-651",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-4499",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57818"
},
{
"db": "VULMON",
"id": "CVE-2020-4499"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012332"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-651"
},
{
"db": "NVD",
"id": "CVE-2020-4499"
}
]
},
"id": "VAR-202010-1454",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57818"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57818"
}
]
},
"last_update_date": "2024-11-23T20:20:36.271000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "6348046 IBM\u00a0X-Force\u00a0Exchange",
"trust": 0.8,
"url": "https://www.ibm.com/support/pages/node/6348046"
},
{
"title": "Patch for IBM Security Access Manager and IBM Security Verify Access certification bypass vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/237052"
},
{
"title": "IBM Security Access Manager and IBM Security Verify Access Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131300"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57818"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012332"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-651"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of authentication (CWE-862) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012332"
},
{
"db": "NVD",
"id": "CVE-2020-4499"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-4499"
},
{
"trust": 1.7,
"url": "https://www.ibm.com/support/pages/node/6348046"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182216"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3558/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/50180"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57818"
},
{
"db": "VULMON",
"id": "CVE-2020-4499"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012332"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-651"
},
{
"db": "NVD",
"id": "CVE-2020-4499"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-57818"
},
{
"db": "VULMON",
"id": "CVE-2020-4499"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012332"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-651"
},
{
"db": "NVD",
"id": "CVE-2020-4499"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-57818"
},
{
"date": "2020-10-15T00:00:00",
"db": "VULMON",
"id": "CVE-2020-4499"
},
{
"date": "2021-04-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012332"
},
{
"date": "2020-10-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-651"
},
{
"date": "2020-10-15T13:15:12.913000",
"db": "NVD",
"id": "CVE-2020-4499"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-57818"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-4499"
},
{
"date": "2021-04-30T06:32:00",
"db": "JVNDB",
"id": "JVNDB-2020-012332"
},
{
"date": "2020-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-651"
},
{
"date": "2024-11-21T05:32:49.257000",
"db": "NVD",
"id": "CVE-2020-4499"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-651"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM\u00a0Security\u00a0Access\u00a0Manager\u00a0 and \u00a0IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0 Vulnerability in Microsoft",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012332"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-651"
}
],
"trust": 0.6
}
}
VAR-202010-0152
Vulnerability from variot - Updated: 2024-11-23 20:10IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960. Vendor exploits this vulnerability IBM X-Force ID: 165960 Is published as.Information may be obtained and information may be tampered with. The product implements access management control through integrated devices for Web, mobile, and cloud computing. response
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-0152",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "security verify access",
"scope": "eq",
"trust": 1.4,
"vendor": "ibm",
"version": "10.0.0"
},
{
"model": "security access manager",
"scope": "lt",
"trust": 1.0,
"vendor": "ibm",
"version": "9.0.7.2"
},
{
"model": "security verify access",
"scope": "gte",
"trust": 1.0,
"vendor": "ibm",
"version": "10.0.0"
},
{
"model": "security verify access",
"scope": "lt",
"trust": 1.0,
"vendor": "ibm",
"version": "10.0.0.1"
},
{
"model": "security access manager",
"scope": "gte",
"trust": 1.0,
"vendor": "ibm",
"version": "9.0.7.0"
},
{
"model": "security access manager",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "security access manager",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "9.0.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57817"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016064"
},
{
"db": "NVD",
"id": "CVE-2019-4552"
}
]
},
"cve": "CVE-2019-4552",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-4552",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-57817",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@us.ibm.com",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-4552",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-4552",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-4552",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@us.ibm.com",
"id": "CVE-2019-4552",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-4552",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-57817",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-659",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-4552",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57817"
},
{
"db": "VULMON",
"id": "CVE-2019-4552"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016064"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-659"
},
{
"db": "NVD",
"id": "CVE-2019-4552"
},
{
"db": "NVD",
"id": "CVE-2019-4552"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960. Vendor exploits this vulnerability IBM X-Force ID: 165960 Is published as.Information may be obtained and information may be tampered with. The product implements access management control through integrated devices for Web, mobile, and cloud computing. response",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-4552"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016064"
},
{
"db": "CNVD",
"id": "CNVD-2020-57817"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-659"
},
{
"db": "VULMON",
"id": "CVE-2019-4552"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-4552",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016064",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-57817",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3558",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-659",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-4552",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57817"
},
{
"db": "VULMON",
"id": "CVE-2019-4552"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016064"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-659"
},
{
"db": "NVD",
"id": "CVE-2019-4552"
}
]
},
"id": "VAR-202010-0152",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57817"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57817"
}
]
},
"last_update_date": "2024-11-23T20:10:06.317000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "6348046 IBM\u00a0X-Force\u00a0Exchange",
"trust": 0.8,
"url": "https://www.ibm.com/support/pages/node/6348046"
},
{
"title": "Patch for IBM Security Access Manager and IBM Security Verify Access HTTP response splitting vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/236938"
},
{
"title": "IBM Security Access Manager and IBM Security Verify Access Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130481"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57817"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016064"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-659"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "Other (CWE-Other) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016064"
},
{
"db": "NVD",
"id": "CVE-2019-4552"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-4552"
},
{
"trust": 1.8,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165960"
},
{
"trust": 1.7,
"url": "https://www.ibm.com/support/pages/node/6348046"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3558/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57817"
},
{
"db": "VULMON",
"id": "CVE-2019-4552"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016064"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-659"
},
{
"db": "NVD",
"id": "CVE-2019-4552"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-57817"
},
{
"db": "VULMON",
"id": "CVE-2019-4552"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016064"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-659"
},
{
"db": "NVD",
"id": "CVE-2019-4552"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-57817"
},
{
"date": "2020-10-15T00:00:00",
"db": "VULMON",
"id": "CVE-2019-4552"
},
{
"date": "2021-04-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-016064"
},
{
"date": "2020-10-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-659"
},
{
"date": "2020-10-15T13:15:12.807000",
"db": "NVD",
"id": "CVE-2019-4552"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-57817"
},
{
"date": "2020-10-20T00:00:00",
"db": "VULMON",
"id": "CVE-2019-4552"
},
{
"date": "2021-04-30T06:32:00",
"db": "JVNDB",
"id": "JVNDB-2019-016064"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-659"
},
{
"date": "2024-11-21T04:43:43.507000",
"db": "NVD",
"id": "CVE-2019-4552"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-659"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM\u00a0Security\u00a0Access\u00a0Manager\u00a0 and \u00a0IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016064"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-659"
}
],
"trust": 0.6
}
}
VAR-202106-1008
Vulnerability from variot - Updated: 2024-08-14 14:44IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges. IBM Security Verify Access Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The service uses risk-based access, single sign-on, integrated access management control, identity federation, and mobile multi-factor authentication to achieve safe and simple access to platforms such as web, mobile, IoT, and cloud technologies
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1008",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "security verify access",
"scope": "eq",
"trust": 2.4,
"vendor": "ibm",
"version": "20.07"
},
{
"model": "security verify access",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "security verify access",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-38675"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007391"
},
{
"db": "NVD",
"id": "CVE-2021-29665"
}
]
},
"cve": "CVE-2021-29665",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2021-29665",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2021-38675",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-29665",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "psirt@us.ibm.com",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2021-29665",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-29665",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-29665",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@us.ibm.com",
"id": "CVE-2021-29665",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-29665",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-38675",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1983",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-29665",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-38675"
},
{
"db": "VULMON",
"id": "CVE-2021-29665"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007391"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1983"
},
{
"db": "NVD",
"id": "CVE-2021-29665"
},
{
"db": "NVD",
"id": "CVE-2021-29665"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges. IBM Security Verify Access Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The service uses risk-based access, single sign-on, integrated access management control, identity federation, and mobile multi-factor authentication to achieve safe and simple access to platforms such as web, mobile, IoT, and cloud technologies",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-29665"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007391"
},
{
"db": "CNVD",
"id": "CNVD-2021-38675"
},
{
"db": "VULMON",
"id": "CVE-2021-29665"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-29665",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007391",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-38675",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1983",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-29665",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-38675"
},
{
"db": "VULMON",
"id": "CVE-2021-29665"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007391"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1983"
},
{
"db": "NVD",
"id": "CVE-2021-29665"
}
]
},
"id": "VAR-202106-1008",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-38675"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-38675"
}
]
},
"last_update_date": "2024-08-14T14:44:24.366000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "6457315 IBM\u00a0X-Force\u00a0Exchange",
"trust": 0.8,
"url": "https://www.ibm.com/support/pages/node/6457315"
},
{
"title": "Patch for IBM Security Verify Access buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/269306"
},
{
"title": "IBM Application Gateway Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153069"
},
{
"title": "IBM: Security Bulletin: Multiple Security Vulnerabilities have been resolved in IBM Application Gateway (CVE-2021-20576, CVE-2021-20575, CVE-2021-29665)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=88a378c781f076de4893a6cb4e89d3c9"
},
{
"title": "CVE-2021-29665",
"trust": 0.1,
"url": "https://github.com/JamesGeeee/CVE-2021-29665 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-38675"
},
{
"db": "VULMON",
"id": "CVE-2021-29665"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007391"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1983"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007391"
},
{
"db": "NVD",
"id": "CVE-2021-29665"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199399"
},
{
"trust": 1.7,
"url": "https://www.ibm.com/support/pages/node/6457315"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29665"
},
{
"trust": 0.7,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-resolved-in-ibm-application-gateway-cve-2021-20576-cve-2021-20575-cve-2021-29665/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://github.com/jamesgeeee/cve-2021-29665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-38675"
},
{
"db": "VULMON",
"id": "CVE-2021-29665"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007391"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1983"
},
{
"db": "NVD",
"id": "CVE-2021-29665"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-38675"
},
{
"db": "VULMON",
"id": "CVE-2021-29665"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007391"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1983"
},
{
"db": "NVD",
"id": "CVE-2021-29665"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-38675"
},
{
"date": "2021-06-01T00:00:00",
"db": "VULMON",
"id": "CVE-2021-29665"
},
{
"date": "2022-02-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007391"
},
{
"date": "2021-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1983"
},
{
"date": "2021-06-01T14:15:09.843000",
"db": "NVD",
"id": "CVE-2021-29665"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-38675"
},
{
"date": "2021-06-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-29665"
},
{
"date": "2022-02-09T09:07:00",
"db": "JVNDB",
"id": "JVNDB-2021-007391"
},
{
"date": "2021-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1983"
},
{
"date": "2021-06-07T19:37:46.050000",
"db": "NVD",
"id": "CVE-2021-29665"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1983"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0 Out-of-bounds Vulnerability in Microsoft",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007391"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1983"
}
],
"trust": 0.6
}
}
VAR-202106-0517
Vulnerability from variot - Updated: 2024-08-14 14:38IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398. Vendor is responsible for this vulnerability IBM X-Force ID: 199398 Is published as.Information may be obtained. The service uses risk-based access, single sign-on, integrated access management control, identity federation, and mobile multi-factor authentication to achieve safe and simple access to platforms such as web, mobile, IoT, and cloud technologies There is an information disclosure vulnerability in the IBM Security Verify Access 20.07 version
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-0517",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "security verify access",
"scope": "eq",
"trust": 2.4,
"vendor": "ibm",
"version": "20.07"
},
{
"model": "security verify access",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-39691"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001976"
},
{
"db": "NVD",
"id": "CVE-2021-20585"
}
]
},
"cve": "CVE-2021-20585",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-20585",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-39691",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@us.ibm.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2021-20585",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2021-20585",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20585",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@us.ibm.com",
"id": "CVE-2021-20585",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-20585",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-39691",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-035",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-20585",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-39691"
},
{
"db": "VULMON",
"id": "CVE-2021-20585"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001976"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-035"
},
{
"db": "NVD",
"id": "CVE-2021-20585"
},
{
"db": "NVD",
"id": "CVE-2021-20585"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398. Vendor is responsible for this vulnerability IBM X-Force ID: 199398 Is published as.Information may be obtained. The service uses risk-based access, single sign-on, integrated access management control, identity federation, and mobile multi-factor authentication to achieve safe and simple access to platforms such as web, mobile, IoT, and cloud technologies\nThere is an information disclosure vulnerability in the IBM Security Verify Access 20.07 version",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20585"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001976"
},
{
"db": "CNVD",
"id": "CNVD-2021-39691"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-035"
},
{
"db": "VULMON",
"id": "CVE-2021-20585"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20585",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001976",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-39691",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202106-035",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-20585",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-39691"
},
{
"db": "VULMON",
"id": "CVE-2021-20585"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001976"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-035"
},
{
"db": "NVD",
"id": "CVE-2021-20585"
}
]
},
"id": "VAR-202106-0517",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-39691"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-39691"
}
]
},
"last_update_date": "2024-08-14T14:38:00.615000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "6457315 IBM\u00a0X-Force\u00a0Exchange",
"trust": 0.8,
"url": "https://www.ibm.com/support/pages/node/6457315"
},
{
"title": "Patch for IBM Security Verify Access information disclosure vulnerability (CNVD-2021-39691)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/270206"
},
{
"title": "IBM Security Verify Access Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152868"
},
{
"title": "CVE-2021-20585",
"trust": 0.1,
"url": "https://github.com/JamesGeeee/CVE-2021-20585 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-39691"
},
{
"db": "VULMON",
"id": "CVE-2021-20585"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001976"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-035"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "information leak (CWE-200) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001976"
},
{
"db": "NVD",
"id": "CVE-2021-20585"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199398"
},
{
"trust": 1.7,
"url": "https://www.ibm.com/support/pages/node/6457315"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20585"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://github.com/jamesgeeee/cve-2021-20585"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-39691"
},
{
"db": "VULMON",
"id": "CVE-2021-20585"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001976"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-035"
},
{
"db": "NVD",
"id": "CVE-2021-20585"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-39691"
},
{
"db": "VULMON",
"id": "CVE-2021-20585"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001976"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-035"
},
{
"db": "NVD",
"id": "CVE-2021-20585"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-39691"
},
{
"date": "2021-06-01T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20585"
},
{
"date": "2021-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-001976"
},
{
"date": "2021-06-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-035"
},
{
"date": "2021-06-01T14:15:08.663000",
"db": "NVD",
"id": "CVE-2021-20585"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-39691"
},
{
"date": "2021-06-04T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20585"
},
{
"date": "2021-07-06T08:12:00",
"db": "JVNDB",
"id": "JVNDB-2021-001976"
},
{
"date": "2021-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-035"
},
{
"date": "2021-06-04T18:49:12.977000",
"db": "NVD",
"id": "CVE-2021-20585"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-035"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0 Information Disclosure Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001976"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-035"
}
],
"trust": 0.6
}
}
VAR-202107-0303
Vulnerability from variot - Updated: 2024-08-14 14:37IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813. IBM Security Verify Access Docker There is an unspecified vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 198813 Is published as.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The product implements access management control through integrated devices for Web, mobile and cloud computing
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0303",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "security verify access",
"scope": "eq",
"trust": 1.8,
"vendor": "ibm",
"version": "10.0.0"
},
{
"model": "security verify access",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "security verify access docker",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "10.0.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-51478"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009593"
},
{
"db": "NVD",
"id": "CVE-2021-20533"
}
]
},
"cve": "CVE-2021-20533",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-20533",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2021-51478",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2021-20533",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "psirt@us.ibm.com",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.7,
"id": "CVE-2021-20533",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20533",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20533",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@us.ibm.com",
"id": "CVE-2021-20533",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-20533",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-51478",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-921",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-20533",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-51478"
},
{
"db": "VULMON",
"id": "CVE-2021-20533"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009593"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-921"
},
{
"db": "NVD",
"id": "CVE-2021-20533"
},
{
"db": "NVD",
"id": "CVE-2021-20533"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813. IBM Security Verify Access Docker There is an unspecified vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 198813 Is published as.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The product implements access management control through integrated devices for Web, mobile and cloud computing",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20533"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009593"
},
{
"db": "CNVD",
"id": "CNVD-2021-51478"
},
{
"db": "VULMON",
"id": "CVE-2021-20533"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20533",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009593",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-51478",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-921",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-20533",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-51478"
},
{
"db": "VULMON",
"id": "CVE-2021-20533"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009593"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-921"
},
{
"db": "NVD",
"id": "CVE-2021-20533"
}
]
},
"id": "VAR-202107-0303",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-51478"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-51478"
}
]
},
"last_update_date": "2024-08-14T14:37:59.510000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "6471895 IBM\u00a0X-Force\u00a0Exchange",
"trust": 0.8,
"url": "https://www.ibm.com/support/pages/node/6471895"
},
{
"title": "Patch for IBM Security Access Manager command injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/279471"
},
{
"title": "IBM Security Access Manager Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156614"
},
{
"title": "CVE-2021-20533",
"trust": 0.1,
"url": "https://github.com/AIPOCAI/CVE-2021-20533 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-51478"
},
{
"db": "VULMON",
"id": "CVE-2021-20533"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009593"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-921"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009593"
},
{
"db": "NVD",
"id": "CVE-2021-20533"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198813"
},
{
"trust": 1.7,
"url": "https://www.ibm.com/support/pages/node/6471895"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20533"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://github.com/aipocai/cve-2021-20533"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-51478"
},
{
"db": "VULMON",
"id": "CVE-2021-20533"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009593"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-921"
},
{
"db": "NVD",
"id": "CVE-2021-20533"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-51478"
},
{
"db": "VULMON",
"id": "CVE-2021-20533"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009593"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-921"
},
{
"db": "NVD",
"id": "CVE-2021-20533"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-51478"
},
{
"date": "2021-07-15T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20533"
},
{
"date": "2022-05-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-009593"
},
{
"date": "2021-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-921"
},
{
"date": "2021-07-15T18:15:09.037000",
"db": "NVD",
"id": "CVE-2021-20533"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-51478"
},
{
"date": "2021-09-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20533"
},
{
"date": "2022-05-11T07:24:00",
"db": "JVNDB",
"id": "JVNDB-2021-009593"
},
{
"date": "2021-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-921"
},
{
"date": "2021-09-29T16:11:28.183000",
"db": "NVD",
"id": "CVE-2021-20533"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-921"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM Security Access Manager command injection vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-51478"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-921"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-921"
}
],
"trust": 0.6
}
}
VAR-202106-0505
Vulnerability from variot - Updated: 2024-08-14 13:43IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278. Vendor exploits this vulnerability IBM X-Force ID: 199278 Is published as.Information may be obtained. IBM Application Gateway is an application gateway of IBM Corporation in the United States. Provides a containerized secure Web reverse proxy, which is designed to be in front of your application and seamlessly add authentication and authorization protection to your application. Attackers may use this vulnerability to obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-0505",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "application gateway",
"scope": null,
"trust": 1.4,
"vendor": "ibm",
"version": null
},
{
"model": "security verify access",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "20.07"
},
{
"model": "application gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "security verify access",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-39673"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007390"
},
{
"db": "NVD",
"id": "CVE-2021-20575"
}
]
},
"cve": "CVE-2021-20575",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2021-20575",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2021-39673",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-378251",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2021-20575",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "psirt@us.ibm.com",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.5,
"id": "CVE-2021-20575",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-20575",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20575",
"trust": 1.0,
"value": "LOW"
},
{
"author": "psirt@us.ibm.com",
"id": "CVE-2021-20575",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-20575",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2021-39673",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1990",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-378251",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-39673"
},
{
"db": "VULHUB",
"id": "VHN-378251"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007390"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1990"
},
{
"db": "NVD",
"id": "CVE-2021-20575"
},
{
"db": "NVD",
"id": "CVE-2021-20575"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278. Vendor exploits this vulnerability IBM X-Force ID: 199278 Is published as.Information may be obtained. IBM Application Gateway is an application gateway of IBM Corporation in the United States. Provides a containerized secure Web reverse proxy, which is designed to be in front of your application and seamlessly add authentication and authorization protection to your application. Attackers may use this vulnerability to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20575"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007390"
},
{
"db": "CNVD",
"id": "CNVD-2021-39673"
},
{
"db": "VULHUB",
"id": "VHN-378251"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20575",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007390",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1990",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-39673",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-378251",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-39673"
},
{
"db": "VULHUB",
"id": "VHN-378251"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007390"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1990"
},
{
"db": "NVD",
"id": "CVE-2021-20575"
}
]
},
"id": "VAR-202106-0505",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-39673"
},
{
"db": "VULHUB",
"id": "VHN-378251"
}
],
"trust": 1.34285713
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-39673"
}
]
},
"last_update_date": "2024-08-14T13:43:31.982000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "6457315 IBM\u00a0X-Force\u00a0Exchange",
"trust": 0.8,
"url": "https://www.ibm.com/support/pages/node/6457315"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007390"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-922",
"trust": 1.0
},
{
"problemtype": "Insecure storage of important information (CWE-922) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007390"
},
{
"db": "NVD",
"id": "CVE-2021-20575"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.ibm.com/support/pages/node/6457315"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199278"
},
{
"trust": 1.2,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-resolved-in-ibm-application-gateway-cve-2021-20576-cve-2021-20575-cve-2021-29665/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20575"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-39673"
},
{
"db": "VULHUB",
"id": "VHN-378251"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007390"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1990"
},
{
"db": "NVD",
"id": "CVE-2021-20575"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-39673"
},
{
"db": "VULHUB",
"id": "VHN-378251"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007390"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1990"
},
{
"db": "NVD",
"id": "CVE-2021-20575"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-39673"
},
{
"date": "2021-06-01T00:00:00",
"db": "VULHUB",
"id": "VHN-378251"
},
{
"date": "2022-02-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007390"
},
{
"date": "2021-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1990"
},
{
"date": "2021-06-01T14:15:08.593000",
"db": "NVD",
"id": "CVE-2021-20575"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-39673"
},
{
"date": "2021-06-07T00:00:00",
"db": "VULHUB",
"id": "VHN-378251"
},
{
"date": "2022-02-09T09:07:00",
"db": "JVNDB",
"id": "JVNDB-2021-007390"
},
{
"date": "2021-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1990"
},
{
"date": "2021-06-07T15:40:54.940000",
"db": "NVD",
"id": "CVE-2021-20575"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1990"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0 Vulnerability in insecure storage of important information in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007390"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1990"
}
],
"trust": 0.6
}
}
VAR-202106-0506
Vulnerability from variot - Updated: 2024-08-14 13:43IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. IBM Security Verify Access Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. IBM Application Gateway is an application gateway of IBM Corporation in the United States. Provides a containerized secure Web reverse proxy, which is designed to be in front of your application and seamlessly add authentication and authorization protection to your application.
An information disclosure vulnerability exists in IBM Application Gateway. The vulnerability stems from the fact that the program allows web pages to be stored locally for other users on the system to read. Attackers may use this vulnerability to obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-0506",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "security verify access",
"scope": "eq",
"trust": 1.8,
"vendor": "ibm",
"version": "20.07"
},
{
"model": "application gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "security verify access",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "application gateway",
"scope": null,
"trust": 0.6,
"vendor": "ibm",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-39673"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001973"
},
{
"db": "NVD",
"id": "CVE-2021-20576"
}
]
},
"cve": "CVE-2021-20576",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-20576",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2021-39673",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-378252",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@us.ibm.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-20576",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-20576",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20576",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@us.ibm.com",
"id": "CVE-2021-20576",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-20576",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-39673",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1991",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-378252",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-39673"
},
{
"db": "VULHUB",
"id": "VHN-378252"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001973"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1991"
},
{
"db": "NVD",
"id": "CVE-2021-20576"
},
{
"db": "NVD",
"id": "CVE-2021-20576"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. IBM Security Verify Access Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. IBM Application Gateway is an application gateway of IBM Corporation in the United States. Provides a containerized secure Web reverse proxy, which is designed to be in front of your application and seamlessly add authentication and authorization protection to your application. \n\r\n\r\nAn information disclosure vulnerability exists in IBM Application Gateway. The vulnerability stems from the fact that the program allows web pages to be stored locally for other users on the system to read. Attackers may use this vulnerability to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20576"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001973"
},
{
"db": "CNVD",
"id": "CNVD-2021-39673"
},
{
"db": "VULHUB",
"id": "VHN-378252"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20576",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001973",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1991",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-39673",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-378252",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-39673"
},
{
"db": "VULHUB",
"id": "VHN-378252"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001973"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1991"
},
{
"db": "NVD",
"id": "CVE-2021-20576"
}
]
},
"id": "VAR-202106-0506",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-39673"
},
{
"db": "VULHUB",
"id": "VHN-378252"
}
],
"trust": 1.34285713
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-39673"
}
]
},
"last_update_date": "2024-08-14T13:43:31.954000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "6457315 IBM\u00a0X-Force\u00a0Exchange",
"trust": 0.8,
"url": "https://www.ibm.com/support/pages/node/6457315"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001973"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001973"
},
{
"db": "NVD",
"id": "CVE-2021-20576"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.ibm.com/support/pages/node/6457315"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199280"
},
{
"trust": 1.2,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-resolved-in-ibm-application-gateway-cve-2021-20576-cve-2021-20575-cve-2021-29665/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20576"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-39673"
},
{
"db": "VULHUB",
"id": "VHN-378252"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001973"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1991"
},
{
"db": "NVD",
"id": "CVE-2021-20576"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-39673"
},
{
"db": "VULHUB",
"id": "VHN-378252"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001973"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1991"
},
{
"db": "NVD",
"id": "CVE-2021-20576"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-39673"
},
{
"date": "2021-06-01T00:00:00",
"db": "VULHUB",
"id": "VHN-378252"
},
{
"date": "2021-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-001973"
},
{
"date": "2021-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1991"
},
{
"date": "2021-06-01T14:15:08.630000",
"db": "NVD",
"id": "CVE-2021-20576"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-39673"
},
{
"date": "2021-06-04T00:00:00",
"db": "VULHUB",
"id": "VHN-378252"
},
{
"date": "2021-07-06T08:12:00",
"db": "JVNDB",
"id": "JVNDB-2021-001973"
},
{
"date": "2021-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1991"
},
{
"date": "2021-06-04T18:29:45.303000",
"db": "NVD",
"id": "CVE-2021-20576"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1991"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001973"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1991"
}
],
"trust": 0.6
}
}