Search Results (7 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-36087 1 Ibm 3 Security Verify Access, Security Verify Access Docker, Verify Identity Access 2025-10-20 8.1 High
IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVE-2024-56343 1 Ibm 2 Security Verify Access, Verify Identity Access Digital Credentials 2025-08-24 4.3 Medium
IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request.
CVE-2024-56342 1 Ibm 2 Security Verify Access, Verify Identity Access Digital Credentials 2025-08-24 4.3 Medium
IBM Verify Identity Access Digital Credentials 24.06 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2024-45657 1 Ibm 2 Security Verify Access, Verify Identity Access 2025-08-05 5 Medium
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.
CVE-2024-43187 1 Ibm 2 Security Verify Access, Verify Identity Access 2025-08-05 5.9 Medium
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
CVE-2024-40700 1 Ibm 2 Security Verify Access, Verify Identity Access 2025-08-05 6.1 Medium
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-45659 1 Ibm 2 Security Verify Access, Verify Identity Access 2025-08-05 5.3 Medium
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.