All the vulnerabilites related to IBM - Security Verify Access
var-202106-0505
Vulnerability from variot
IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278. Vendor exploits this vulnerability IBM X-Force ID: 199278 Is published as.Information may be obtained. IBM Application Gateway is an application gateway of IBM Corporation in the United States. Provides a containerized secure Web reverse proxy, which is designed to be in front of your application and seamlessly add authentication and authorization protection to your application. Attackers may use this vulnerability to obtain sensitive information
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-0505", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "application gateway", "scope": null, "trust": 1.4, "vendor": "ibm", "version": null }, { "model": "security verify access", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "20.07" }, { "model": "application gateway", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "1.0" }, { "model": "security verify access", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-39673" }, { "db": "JVNDB", "id": "JVNDB-2021-007390" }, { "db": "NVD", "id": "CVE-2021-20575" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:application_gateway:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:20.07:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-20575" } ] }, "cve": "CVE-2021-20575", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-20575", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CNVD-2021-39673", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-378251", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.5, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 3.3, "baseSeverity": "Low", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2021-20575", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-20575", "trust": 1.8, "value": "LOW" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-20575", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2021-39673", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202105-1990", "trust": 0.6, "value": "LOW" }, { "author": "VULHUB", "id": "VHN-378251", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-39673" }, { "db": "VULHUB", "id": "VHN-378251" }, { "db": "JVNDB", "id": "JVNDB-2021-007390" }, { "db": "NVD", "id": "CVE-2021-20575" }, { "db": "NVD", "id": "CVE-2021-20575" }, { "db": "CNNVD", "id": "CNNVD-202105-1990" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278. Vendor exploits this vulnerability IBM X-Force ID: 199278 Is published as.Information may be obtained. IBM Application Gateway is an application gateway of IBM Corporation in the United States. Provides a containerized secure Web reverse proxy, which is designed to be in front of your application and seamlessly add authentication and authorization protection to your application. Attackers may use this vulnerability to obtain sensitive information", "sources": [ { "db": "NVD", "id": "CVE-2021-20575" }, { "db": "JVNDB", "id": "JVNDB-2021-007390" }, { "db": "CNVD", "id": "CNVD-2021-39673" }, { "db": "VULHUB", "id": "VHN-378251" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-20575", "trust": 3.9 }, { "db": "JVNDB", "id": "JVNDB-2021-007390", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202105-1990", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-39673", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-378251", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-39673" }, { "db": "VULHUB", "id": "VHN-378251" }, { "db": "JVNDB", "id": "JVNDB-2021-007390" }, { "db": "NVD", "id": "CVE-2021-20575" }, { "db": "CNNVD", "id": "CNNVD-202105-1990" } ] }, "id": "VAR-202106-0505", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-39673" }, { "db": "VULHUB", "id": "VHN-378251" } ], "trust": 1.13076225 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-39673" } ] }, "last_update_date": "2023-12-18T13:07:10.132000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6457315 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6457315" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-007390" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-922", "trust": 1.0 }, { "problemtype": "Insecure storage of important information (CWE-922) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-007390" }, { "db": "NVD", "id": "CVE-2021-20575" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6457315" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199278" }, { "trust": 1.2, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-resolved-in-ibm-application-gateway-cve-2021-20576-cve-2021-20575-cve-2021-29665/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20575" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-39673" }, { "db": "VULHUB", "id": "VHN-378251" }, { "db": "JVNDB", "id": "JVNDB-2021-007390" }, { "db": "NVD", "id": "CVE-2021-20575" }, { "db": "CNNVD", "id": "CNNVD-202105-1990" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-39673" }, { "db": "VULHUB", "id": "VHN-378251" }, { "db": "JVNDB", "id": "JVNDB-2021-007390" }, { "db": "NVD", "id": "CVE-2021-20575" }, { "db": "CNNVD", "id": "CNNVD-202105-1990" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-05T00:00:00", "db": "CNVD", "id": "CNVD-2021-39673" }, { "date": "2021-06-01T00:00:00", "db": "VULHUB", "id": "VHN-378251" }, { "date": "2022-02-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-007390" }, { "date": "2021-06-01T14:15:08.593000", "db": "NVD", "id": "CVE-2021-20575" }, { "date": "2021-05-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-1990" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-06T00:00:00", "db": "CNVD", "id": "CNVD-2021-39673" }, { "date": "2021-06-07T00:00:00", "db": "VULHUB", "id": "VHN-378251" }, { "date": "2022-02-09T09:07:00", "db": "JVNDB", "id": "JVNDB-2021-007390" }, { "date": "2021-06-07T15:40:54.940000", "db": "NVD", "id": "CVE-2021-20575" }, { "date": "2021-06-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-1990" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-1990" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0 Vulnerability in insecure storage of important information in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-007390" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-1990" } ], "trust": 0.6 } }
var-202201-0543
Vulnerability from variot
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563. Vendor exploits this vulnerability IBM X-Force ID: 209563 It is published as.Information may be obtained and information may be tampered with. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication IBM Security Verify Access has a cross-site scripting vulnerability that stems from vulnerability to cross-site scripting
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0543", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.2.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.1.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017526" }, { "db": "NVD", "id": "CVE-2021-38895" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-38895" } ] }, "cve": "CVE-2021-38895", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 3.5, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-38895", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.3, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 3.0, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.3, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.4, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2021-38895", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "Low", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-38895", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-38895", "trust": 1.0, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202201-564", "trust": 0.6, "value": "LOW" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017526" }, { "db": "NVD", "id": "CVE-2021-38895" }, { "db": "NVD", "id": "CVE-2021-38895" }, { "db": "CNNVD", "id": "CNNVD-202201-564" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563. Vendor exploits this vulnerability IBM X-Force ID: 209563 It is published as.Information may be obtained and information may be tampered with. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication\nIBM Security Verify Access has a cross-site scripting vulnerability that stems from vulnerability to cross-site scripting", "sources": [ { "db": "NVD", "id": "CVE-2021-38895" }, { "db": "JVNDB", "id": "JVNDB-2021-017526" }, { "db": "CNNVD", "id": "CNNVD-202201-564" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-38895", "trust": 3.2 }, { "db": "JVNDB", "id": "JVNDB-2021-017526", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2022011038", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202201-564", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017526" }, { "db": "NVD", "id": "CVE-2021-38895" }, { "db": "CNNVD", "id": "CNNVD-202201-564" } ] }, "id": "VAR-202201-0543", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T11:10:40.753000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6538418 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6538418" }, { "title": "IBM Security Verify Access Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=177316" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017526" }, { "db": "CNNVD", "id": "CNNVD-202201-564" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.0 }, { "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017526" }, { "db": "NVD", "id": "CVE-2021-38895" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209563" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/6538418" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38895" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011038" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017526" }, { "db": "NVD", "id": "CVE-2021-38895" }, { "db": "CNNVD", "id": "CNNVD-202201-564" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2021-017526" }, { "db": "NVD", "id": "CVE-2021-38895" }, { "db": "CNNVD", "id": "CNNVD-202201-564" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-017526" }, { "date": "2022-01-10T14:10:20.470000", "db": "NVD", "id": "CVE-2021-38895" }, { "date": "2022-01-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-564" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-24T06:26:00", "db": "JVNDB", "id": "JVNDB-2021-017526" }, { "date": "2022-01-13T20:19:46.163000", "db": "NVD", "id": "CVE-2021-38895" }, { "date": "2022-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-564" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-564" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0 Cross-site scripting vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017526" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-564" } ], "trust": 0.6 } }
var-202207-0454
Vulnerability from variot
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082. Vendor exploits this vulnerability IBM X-Force ID: 225082 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0454", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.3.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.2.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.1.0" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015272" }, { "db": "NVD", "id": "CVE-2022-22465" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-22465" } ] }, "cve": "CVE-2022-22465", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2022-22465", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.0, "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-22465", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-22465", "trust": 1.8, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2022-22465", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202207-644", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2022-22465", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-22465" }, { "db": "JVNDB", "id": "JVNDB-2022-015272" }, { "db": "NVD", "id": "CVE-2022-22465" }, { "db": "NVD", "id": "CVE-2022-22465" }, { "db": "CNNVD", "id": "CNNVD-202207-644" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082. Vendor exploits this vulnerability IBM X-Force ID: 225082 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-22465" }, { "db": "JVNDB", "id": "JVNDB-2022-015272" }, { "db": "VULMON", "id": "CVE-2022-22465" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-22465", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2022-015272", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202207-644", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-22465", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-22465" }, { "db": "JVNDB", "id": "JVNDB-2022-015272" }, { "db": "NVD", "id": "CVE-2022-22465" }, { "db": "CNNVD", "id": "CNNVD-202207-644" } ] }, "id": "VAR-202207-0454", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T13:55:23.167000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6601729 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6601729" }, { "title": "IBM Security Access Manager Appliance Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=200242" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015272" }, { "db": "CNNVD", "id": "CNNVD-202207-644" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015272" }, { "db": "NVD", "id": "CVE-2022-22465" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6601729" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225082" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22465" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-22465/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-22465" }, { "db": "JVNDB", "id": "JVNDB-2022-015272" }, { "db": "NVD", "id": "CVE-2022-22465" }, { "db": "CNNVD", "id": "CNNVD-202207-644" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-22465" }, { "db": "JVNDB", "id": "JVNDB-2022-015272" }, { "db": "NVD", "id": "CVE-2022-22465" }, { "db": "CNNVD", "id": "CNNVD-202207-644" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-08T00:00:00", "db": "VULMON", "id": "CVE-2022-22465" }, { "date": "2023-09-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-015272" }, { "date": "2022-07-08T18:15:09.667000", "db": "NVD", "id": "CVE-2022-22465" }, { "date": "2022-07-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-644" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-16T00:00:00", "db": "VULMON", "id": "CVE-2022-22465" }, { "date": "2023-09-26T06:58:00", "db": "JVNDB", "id": "JVNDB-2022-015272" }, { "date": "2022-07-16T01:24:18.297000", "db": "NVD", "id": "CVE-2022-22465" }, { "date": "2022-07-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-644" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-644" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Access\u00a0Manager\u00a0Appliance\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015272" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-644" } ], "trust": 0.6 } }
var-202401-2519
Vulnerability from variot
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202401-2519", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access docker", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.7" }, { "model": "security verify access docker", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.7" }, { "model": "security verify access", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-31003" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.0.7", "versionStartIncluding": "10.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access_docker:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.0.7", "versionStartIncluding": "10.0.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-31003" } ] }, "cve": "CVE-2023-31003", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.5, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-31003", "trust": 1.0, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2023-31003", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-31003" }, { "db": "NVD", "id": "CVE-2023-31003" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658.", "sources": [ { "db": "NVD", "id": "CVE-2023-31003" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-31003", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-31003" } ] }, "id": "VAR-202401-2519", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.609333685 }, "last_update_date": "2024-03-07T22:48:01.098000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-59", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-31003" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254658" }, { "trust": 1.0, "url": "https://www.ibm.com/support/pages/node/7106586" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-31003" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "NVD", "id": "CVE-2023-31003" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-01-11T03:15:09.617000", "db": "NVD", "id": "CVE-2023-31003" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-01-18T17:06:42.260000", "db": "NVD", "id": "CVE-2023-31003" } ] } }
var-202107-0302
Vulnerability from variot
IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661. Vendor is responsible for this vulnerability IBM X-Force ID: 198661 Is published as.Information may be obtained and information may be tampered with
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0302", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009592" }, { "db": "NVD", "id": "CVE-2021-20524" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-20524" } ] }, "cve": "CVE-2021-20524", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 3.5, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-20524", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 1.7, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 1.7, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.8, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2021-20524", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "High", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-20524", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-20524", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-956", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-20524", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20524" }, { "db": "JVNDB", "id": "JVNDB-2021-009592" }, { "db": "NVD", "id": "CVE-2021-20524" }, { "db": "NVD", "id": "CVE-2021-20524" }, { "db": "CNNVD", "id": "CNNVD-202107-956" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661. Vendor is responsible for this vulnerability IBM X-Force ID: 198661 Is published as.Information may be obtained and information may be tampered with", "sources": [ { "db": "NVD", "id": "CVE-2021-20524" }, { "db": "JVNDB", "id": "JVNDB-2021-009592" }, { "db": "VULMON", "id": "CVE-2021-20524" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-20524", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-009592", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202107-956", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-20524", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20524" }, { "db": "JVNDB", "id": "JVNDB-2021-009592" }, { "db": "NVD", "id": "CVE-2021-20524" }, { "db": "CNNVD", "id": "CNNVD-202107-956" } ] }, "id": "VAR-202107-0302", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T12:49:10.475000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6471895 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "title": "IBM Security Access Manager Fixes for code injection vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156645" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009592" }, { "db": "CNNVD", "id": "CNNVD-202107-956" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.0 }, { "problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009592" }, { "db": "NVD", "id": "CVE-2021-20524" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198661" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20524" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/79.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20524" }, { "db": "JVNDB", "id": "JVNDB-2021-009592" }, { "db": "NVD", "id": "CVE-2021-20524" }, { "db": "CNNVD", "id": "CNNVD-202107-956" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-20524" }, { "db": "JVNDB", "id": "JVNDB-2021-009592" }, { "db": "NVD", "id": "CVE-2021-20524" }, { "db": "CNNVD", "id": "CNNVD-202107-956" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-15T00:00:00", "db": "VULMON", "id": "CVE-2021-20524" }, { "date": "2022-05-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009592" }, { "date": "2021-07-15T18:15:08.997000", "db": "NVD", "id": "CVE-2021-20524" }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-956" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-20T00:00:00", "db": "VULMON", "id": "CVE-2021-20524" }, { "date": "2022-05-11T07:24:00", "db": "JVNDB", "id": "JVNDB-2021-009592" }, { "date": "2021-09-29T16:11:15.503000", "db": "NVD", "id": "CVE-2021-20524" }, { "date": "2021-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-956" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-956" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Cross-site Scripting Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009592" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-956" } ], "trust": 0.6 } }
var-202201-0541
Vulnerability from variot
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067. Vendor exploits this vulnerability IBM X-Force ID: 210067 It is published as.Information may be obtained. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication IBM Security Verify has an encryption issue vulnerability that stems from using a weaker-than-expected encryption algorithm that could allow an attacker to decrypt highly sensitive information
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0541", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.2.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.1.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017527" }, { "db": "NVD", "id": "CVE-2021-38921" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-38921" } ] }, "cve": "CVE-2021-38921", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-38921", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-38921", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-38921", "trust": 1.8, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-38921", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202201-562", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017527" }, { "db": "NVD", "id": "CVE-2021-38921" }, { "db": "NVD", "id": "CVE-2021-38921" }, { "db": "CNNVD", "id": "CNNVD-202201-562" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067. Vendor exploits this vulnerability IBM X-Force ID: 210067 It is published as.Information may be obtained. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication\nIBM Security Verify has an encryption issue vulnerability that stems from using a weaker-than-expected encryption algorithm that could allow an attacker to decrypt highly sensitive information", "sources": [ { "db": "NVD", "id": "CVE-2021-38921" }, { "db": "JVNDB", "id": "JVNDB-2021-017527" }, { "db": "CNNVD", "id": "CNNVD-202201-562" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-38921", "trust": 3.2 }, { "db": "JVNDB", "id": "JVNDB-2021-017527", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2022011038", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202201-562", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017527" }, { "db": "NVD", "id": "CVE-2021-38921" }, { "db": "CNNVD", "id": "CNNVD-202201-562" } ] }, "id": "VAR-202201-0541", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T11:18:52.856000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6538418 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6538418" }, { "title": "IBM Security Verify Fixes for encryption problem vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=178039" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017527" }, { "db": "CNNVD", "id": "CNNVD-202201-562" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-327", "trust": 1.0 }, { "problemtype": "Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017527" }, { "db": "NVD", "id": "CVE-2021-38921" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210067" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/6538418" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38921" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011038" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017527" }, { "db": "NVD", "id": "CVE-2021-38921" }, { "db": "CNNVD", "id": "CNNVD-202201-562" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2021-017527" }, { "db": "NVD", "id": "CVE-2021-38921" }, { "db": "CNNVD", "id": "CNNVD-202201-562" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-017527" }, { "date": "2022-01-10T14:10:20.527000", "db": "NVD", "id": "CVE-2021-38921" }, { "date": "2022-01-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-562" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-24T06:28:00", "db": "JVNDB", "id": "JVNDB-2021-017527" }, { "date": "2022-01-13T20:22:52.300000", "db": "NVD", "id": "CVE-2021-38921" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-562" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-562" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0 Vulnerability in using cryptographic algorithms in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017527" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-562" } ], "trust": 0.6 } }
var-202107-0295
Vulnerability from variot
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973. Vendor is responsible for this vulnerability IBM X-Force ID: 197973 Is published as.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0295", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009587" }, { "db": "NVD", "id": "CVE-2021-20499" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-20499" } ] }, "cve": "CVE-2021-20499", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-20499", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.2, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.2, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.7, "baseSeverity": "Low", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2021-20499", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-20499", "trust": 1.8, "value": "LOW" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-20499", "trust": 1.0, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202107-907", "trust": 0.6, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2021-20499", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20499" }, { "db": "JVNDB", "id": "JVNDB-2021-009587" }, { "db": "NVD", "id": "CVE-2021-20499" }, { "db": "NVD", "id": "CVE-2021-20499" }, { "db": "CNNVD", "id": "CNNVD-202107-907" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973. Vendor is responsible for this vulnerability IBM X-Force ID: 197973 Is published as.Information may be obtained", "sources": [ { "db": "NVD", "id": "CVE-2021-20499" }, { "db": "JVNDB", "id": "JVNDB-2021-009587" }, { "db": "VULMON", "id": "CVE-2021-20499" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-20499", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-009587", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202107-907", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-20499", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20499" }, { "db": "JVNDB", "id": "JVNDB-2021-009587" }, { "db": "NVD", "id": "CVE-2021-20499" }, { "db": "CNNVD", "id": "CNNVD-202107-907" } ] }, "id": "VAR-202107-0295", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T13:55:51.338000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6471895 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "title": "IBM Security Access Manager Remedial measures for debugging information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156600" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009587" }, { "db": "CNNVD", "id": "CNNVD-202107-907" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-209", "trust": 1.0 }, { "problemtype": "Information leakage due to error message (CWE-209) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009587" }, { "db": "NVD", "id": "CVE-2021-20499" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197973" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20499" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/209.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20499" }, { "db": "JVNDB", "id": "JVNDB-2021-009587" }, { "db": "NVD", "id": "CVE-2021-20499" }, { "db": "CNNVD", "id": "CNNVD-202107-907" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-20499" }, { "db": "JVNDB", "id": "JVNDB-2021-009587" }, { "db": "NVD", "id": "CVE-2021-20499" }, { "db": "CNNVD", "id": "CNNVD-202107-907" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-15T00:00:00", "db": "VULMON", "id": "CVE-2021-20499" }, { "date": "2022-05-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009587" }, { "date": "2021-07-15T18:15:08.807000", "db": "NVD", "id": "CVE-2021-20499" }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-907" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-20T00:00:00", "db": "VULMON", "id": "CVE-2021-20499" }, { "date": "2022-05-11T07:24:00", "db": "JVNDB", "id": "JVNDB-2021-009587" }, { "date": "2021-09-29T15:40:55.007000", "db": "NVD", "id": "CVE-2021-20499" }, { "date": "2021-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-907" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-907" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Information Leakage Vulnerability in Error Messages", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009587" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "debugging information leaks", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-907" } ], "trust": 0.6 } }
var-202203-1581
Vulnerability from variot
IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validiation of JWT tokens. The following products and versions are affected: 10.0.0, 10.0.1, 10.0.2, 10.0.3
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1581", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "10.0.1" }, { "model": "security verify access", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "10.0.3" }, { "model": "security verify access", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "10.0.2" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "security verify access", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-004965" }, { "db": "NVD", "id": "CVE-2022-22311" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-22311" } ] }, "cve": "CVE-2022-22311", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2022-22311", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 4.2, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.2, "impactScore": 2.5, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-22311", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-22311", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2022-22311", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202203-2675", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2022-22311", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-22311" }, { "db": "JVNDB", "id": "JVNDB-2022-004965" }, { "db": "CNNVD", "id": "CNNVD-202203-2675" }, { "db": "NVD", "id": "CVE-2022-22311" }, { "db": "NVD", "id": "CVE-2022-22311" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validiation of JWT tokens. The following products and versions are affected: 10.0.0, 10.0.1, 10.0.2, 10.0.3", "sources": [ { "db": "NVD", "id": "CVE-2022-22311" }, { "db": "JVNDB", "id": "JVNDB-2022-004965" }, { "db": "CNNVD", "id": "CNNVD-202203-2675" }, { "db": "VULMON", "id": "CVE-2022-22311" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-22311", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2022-004965", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202203-2675", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-22311", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-22311" }, { "db": "JVNDB", "id": "JVNDB-2022-004965" }, { "db": "CNNVD", "id": "CNNVD-202203-2675" }, { "db": "NVD", "id": "CVE-2022-22311" } ] }, "id": "VAR-202203-1581", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2024-02-13T22:47:42.790000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6568043 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6568043" }, { "title": "IBM Security Verify Access Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=188378" }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-23305 " }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-rce " } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-22311" }, { "db": "JVNDB", "id": "JVNDB-2022-004965" }, { "db": "CNNVD", "id": "CNNVD-202203-2675" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 }, { "problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-004965" }, { "db": "NVD", "id": "CVE-2022-22311" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6568043" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/217226" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22311" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-22311/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-23305" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-22311" }, { "db": "JVNDB", "id": "JVNDB-2022-004965" }, { "db": "CNNVD", "id": "CNNVD-202203-2675" }, { "db": "NVD", "id": "CVE-2022-22311" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-22311" }, { "db": "JVNDB", "id": "JVNDB-2022-004965" }, { "db": "CNNVD", "id": "CNNVD-202203-2675" }, { "db": "NVD", "id": "CVE-2022-22311" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-31T00:00:00", "db": "VULMON", "id": "CVE-2022-22311" }, { "date": "2023-05-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-004965" }, { "date": "2022-03-31T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-2675" }, { "date": "2022-03-31T18:15:09.437000", "db": "NVD", "id": "CVE-2022-22311" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-09T00:00:00", "db": "VULMON", "id": "CVE-2022-22311" }, { "date": "2023-05-12T05:54:00", "db": "JVNDB", "id": "JVNDB-2022-004965" }, { "date": "2022-04-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-2675" }, { "date": "2022-04-09T01:35:04.040000", "db": "NVD", "id": "CVE-2022-22311" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-2675" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0 Input verification vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-004965" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-2675" } ], "trust": 0.6 } }
var-202107-0293
Vulnerability from variot
IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969. Vendor exploits this vulnerability IBM X-Force ID: 197969 Is published as.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0293", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009657" }, { "db": "NVD", "id": "CVE-2021-20497" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-20497" } ] }, "cve": "CVE-2021-20497", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-20497", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-20497", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-20497", "trust": 1.8, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-20497", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-937", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-20497", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20497" }, { "db": "JVNDB", "id": "JVNDB-2021-009657" }, { "db": "NVD", "id": "CVE-2021-20497" }, { "db": "NVD", "id": "CVE-2021-20497" }, { "db": "CNNVD", "id": "CNNVD-202107-937" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969. Vendor exploits this vulnerability IBM X-Force ID: 197969 Is published as.Information may be obtained", "sources": [ { "db": "NVD", "id": "CVE-2021-20497" }, { "db": "JVNDB", "id": "JVNDB-2021-009657" }, { "db": "VULMON", "id": "CVE-2021-20497" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-20497", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-009657", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202107-937", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-20497", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20497" }, { "db": "JVNDB", "id": "JVNDB-2021-009657" }, { "db": "NVD", "id": "CVE-2021-20497" }, { "db": "CNNVD", "id": "CNNVD-202107-937" } ] }, "id": "VAR-202107-0293", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T13:22:49.870000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6471895 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "title": "IBM Security Access Manager Fixes for encryption problem vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156630" }, { "title": "CVE-2021-20497", "trust": 0.1, "url": "https://github.com/aipocai/cve-2021-20497 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20497" }, { "db": "JVNDB", "id": "JVNDB-2021-009657" }, { "db": "CNNVD", "id": "CNNVD-202107-937" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-327", "trust": 1.0 }, { "problemtype": "Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009657" }, { "db": "NVD", "id": "CVE-2021-20497" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197969" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20497" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/327.html" }, { "trust": 0.1, "url": "https://github.com/aipocai/cve-2021-20497" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20497" }, { "db": "JVNDB", "id": "JVNDB-2021-009657" }, { "db": "NVD", "id": "CVE-2021-20497" }, { "db": "CNNVD", "id": "CNNVD-202107-937" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-20497" }, { "db": "JVNDB", "id": "JVNDB-2021-009657" }, { "db": "NVD", "id": "CVE-2021-20497" }, { "db": "CNNVD", "id": "CNNVD-202107-937" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-15T00:00:00", "db": "VULMON", "id": "CVE-2021-20497" }, { "date": "2022-05-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009657" }, { "date": "2021-07-15T18:15:08.730000", "db": "NVD", "id": "CVE-2021-20497" }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-937" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-09-29T00:00:00", "db": "VULMON", "id": "CVE-2021-20497" }, { "date": "2022-05-17T02:23:00", "db": "JVNDB", "id": "JVNDB-2021-009657" }, { "date": "2021-09-29T15:38:01.020000", "db": "NVD", "id": "CVE-2021-20497" }, { "date": "2021-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-937" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-937" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Vulnerability in using cryptographic algorithms in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009657" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-937" } ], "trust": 0.6 } }
var-202402-1982
Vulnerability from variot
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202402-1982", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "10.0.6.1" }, { "model": "security verify access", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.0.0.0 to 10.0.6.1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025923" }, { "db": "NVD", "id": "CVE-2023-32330" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.0.6.1", "versionStartIncluding": "10.0.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-32330" } ] }, "cve": "CVE-2023-32330", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-32330", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-32330", "trust": 1.8, "value": "CRITICAL" }, { "author": "psirt@us.ibm.com", "id": "CVE-2023-32330", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025923" }, { "db": "NVD", "id": "CVE-2023-32330" }, { "db": "NVD", "id": "CVE-2023-32330" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-32330" }, { "db": "JVNDB", "id": "JVNDB-2023-025923" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-32330", "trust": 2.6 }, { "db": "JVNDB", "id": "JVNDB-2023-025923", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025923" }, { "db": "NVD", "id": "CVE-2023-32330" } ] }, "id": "VAR-202402-1982", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2024-02-20T23:28:21.145000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "7106586 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/7106586" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025923" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-295", "trust": 1.0 }, { "problemtype": "Illegal certificate verification (CWE-295) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025923" }, { "db": "NVD", "id": "CVE-2023-32330" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254977" }, { "trust": 1.0, "url": "https://www.ibm.com/support/pages/node/7106586" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32330" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025923" }, { "db": "NVD", "id": "CVE-2023-32330" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2023-025923" }, { "db": "NVD", "id": "CVE-2023-32330" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-025923" }, { "date": "2024-02-07T17:15:08.847000", "db": "NVD", "id": "CVE-2023-32330" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-14T02:56:00", "db": "JVNDB", "id": "JVNDB-2023-025923" }, { "date": "2024-02-10T04:01:19.780000", "db": "NVD", "id": "CVE-2023-32330" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0 of \u00a0Security\u00a0Verify\u00a0Access\u00a0 Certificate validation vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025923" } ], "trust": 0.8 } }
var-202207-0369
Vulnerability from variot
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081. Vendor exploits this vulnerability IBM X-Force ID: 225081 It is published as.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0369", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.3.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.2.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.1.0" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015277" }, { "db": "NVD", "id": "CVE-2022-22464" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-22464" } ] }, "cve": "CVE-2022-22464", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2022-22464", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-22464", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-22464", "trust": 1.8, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2022-22464", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202207-645", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2022-22464", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-22464" }, { "db": "JVNDB", "id": "JVNDB-2022-015277" }, { "db": "NVD", "id": "CVE-2022-22464" }, { "db": "NVD", "id": "CVE-2022-22464" }, { "db": "CNNVD", "id": "CNNVD-202207-645" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081. Vendor exploits this vulnerability IBM X-Force ID: 225081 It is published as.Information may be obtained", "sources": [ { "db": "NVD", "id": "CVE-2022-22464" }, { "db": "JVNDB", "id": "JVNDB-2022-015277" }, { "db": "VULMON", "id": "CVE-2022-22464" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-22464", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2022-015277", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202207-645", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-22464", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-22464" }, { "db": "JVNDB", "id": "JVNDB-2022-015277" }, { "db": "NVD", "id": "CVE-2022-22464" }, { "db": "CNNVD", "id": "CNNVD-202207-645" } ] }, "id": "VAR-202207-0369", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T13:11:57.758000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6601729 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6601729" }, { "title": "IBM Security Access Manager Appliance Fixes for encryption problem vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=200243" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015277" }, { "db": "CNNVD", "id": "CNNVD-202207-645" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-326", "trust": 1.0 }, { "problemtype": "Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015277" }, { "db": "NVD", "id": "CVE-2022-22464" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6601729" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225081" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22464" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-22464/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/326.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-22464" }, { "db": "JVNDB", "id": "JVNDB-2022-015277" }, { "db": "NVD", "id": "CVE-2022-22464" }, { "db": "CNNVD", "id": "CNNVD-202207-645" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-22464" }, { "db": "JVNDB", "id": "JVNDB-2022-015277" }, { "db": "NVD", "id": "CVE-2022-22464" }, { "db": "CNNVD", "id": "CNNVD-202207-645" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-08T00:00:00", "db": "VULMON", "id": "CVE-2022-22464" }, { "date": "2023-09-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-015277" }, { "date": "2022-07-08T18:15:09.620000", "db": "NVD", "id": "CVE-2022-22464" }, { "date": "2022-07-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-645" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-16T00:00:00", "db": "VULMON", "id": "CVE-2022-22464" }, { "date": "2023-09-26T07:04:00", "db": "JVNDB", "id": "JVNDB-2022-015277" }, { "date": "2022-07-16T01:22:30.297000", "db": "NVD", "id": "CVE-2022-22464" }, { "date": "2022-07-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-645" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-645" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Access\u00a0Manager\u00a0Appliance\u00a0 Cryptographic strength vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015277" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-645" } ], "trust": 0.6 } }
var-202402-1506
Vulnerability from variot
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202402-1506", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "10.0.6.1" }, { "model": "security verify access", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.0.0.0 to 10.0.6.1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025925" }, { "db": "NVD", "id": "CVE-2023-43017" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.0.6.1", "versionStartIncluding": "10.0.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-43017" } ] }, "cve": "CVE-2023-43017", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.5, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.2, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-43017", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-43017", "trust": 1.8, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2023-43017", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025925" }, { "db": "NVD", "id": "CVE-2023-43017" }, { "db": "NVD", "id": "CVE-2023-43017" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-43017" }, { "db": "JVNDB", "id": "JVNDB-2023-025925" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-43017", "trust": 2.6 }, { "db": "JVNDB", "id": "JVNDB-2023-025925", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025925" }, { "db": "NVD", "id": "CVE-2023-43017" } ] }, "id": "VAR-202402-1506", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2024-02-16T22:51:30.771000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "7106586 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/7106586" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025925" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-295", "trust": 1.0 }, { "problemtype": "Illegal certificate verification (CWE-295) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025925" }, { "db": "NVD", "id": "CVE-2023-43017" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266155" }, { "trust": 1.0, "url": "https://www.ibm.com/support/pages/node/7106586" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-43017" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025925" }, { "db": "NVD", "id": "CVE-2023-43017" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2023-025925" }, { "db": "NVD", "id": "CVE-2023-43017" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-025925" }, { "date": "2024-02-07T17:15:09.400000", "db": "NVD", "id": "CVE-2023-43017" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-14T02:56:00", "db": "JVNDB", "id": "JVNDB-2023-025925" }, { "date": "2024-02-10T04:01:04.533000", "db": "NVD", "id": "CVE-2023-43017" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0 of \u00a0Security\u00a0Verify\u00a0Access\u00a0 Certificate validation vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025925" } ], "trust": 0.8 } }
var-202107-0292
Vulnerability from variot
IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966. Vendor exploits this vulnerability IBM X-Force ID: 197966 Is published as.Information may be tampered with
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0292", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009656" }, { "db": "NVD", "id": "CVE-2021-20496" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-20496" } ] }, "cve": "CVE-2021-20496", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-20496", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.2, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "exploitabilityScore": 1.2, "impactScore": 1.4, "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.9, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-20496", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-20496", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-20496", "trust": 1.0, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202107-914", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-20496", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20496" }, { "db": "JVNDB", "id": "JVNDB-2021-009656" }, { "db": "NVD", "id": "CVE-2021-20496" }, { "db": "NVD", "id": "CVE-2021-20496" }, { "db": "CNNVD", "id": "CNNVD-202107-914" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966. Vendor exploits this vulnerability IBM X-Force ID: 197966 Is published as.Information may be tampered with", "sources": [ { "db": "NVD", "id": "CVE-2021-20496" }, { "db": "JVNDB", "id": "JVNDB-2021-009656" }, { "db": "VULMON", "id": "CVE-2021-20496" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-20496", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-009656", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202107-914", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-20496", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20496" }, { "db": "JVNDB", "id": "JVNDB-2021-009656" }, { "db": "NVD", "id": "CVE-2021-20496" }, { "db": "CNNVD", "id": "CNNVD-202107-914" } ] }, "id": "VAR-202107-0292", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T11:57:20.494000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6471895 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "title": "IBM Security Access Manager Fixes for permissions and access control issues vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156607" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009656" }, { "db": "CNNVD", "id": "CNNVD-202107-914" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009656" }, { "db": "NVD", "id": "CVE-2021-20496" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197966" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20496" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20496" }, { "db": "JVNDB", "id": "JVNDB-2021-009656" }, { "db": "NVD", "id": "CVE-2021-20496" }, { "db": "CNNVD", "id": "CNNVD-202107-914" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-20496" }, { "db": "JVNDB", "id": "JVNDB-2021-009656" }, { "db": "NVD", "id": "CVE-2021-20496" }, { "db": "CNNVD", "id": "CNNVD-202107-914" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-15T00:00:00", "db": "VULMON", "id": "CVE-2021-20496" }, { "date": "2022-05-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009656" }, { "date": "2021-07-15T18:15:08.693000", "db": "NVD", "id": "CVE-2021-20496" }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-914" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-09-29T00:00:00", "db": "VULMON", "id": "CVE-2021-20496" }, { "date": "2022-05-17T02:23:00", "db": "JVNDB", "id": "JVNDB-2021-009656" }, { "date": "2021-09-29T15:37:38.420000", "db": "NVD", "id": "CVE-2021-20496" }, { "date": "2021-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-914" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-914" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009656" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-914" } ], "trust": 0.6 } }
var-202307-1849
Vulnerability from variot
IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 252186
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-1849", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "10.0.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30433" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30433" } ] }, "cve": "CVE-2023-30433", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 2.5, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-30433", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2023-30433", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202307-1650", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30433" }, { "db": "NVD", "id": "CVE-2023-30433" }, { "db": "CNNVD", "id": "CNNVD-202307-1650" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 252186", "sources": [ { "db": "NVD", "id": "CVE-2023-30433" }, { "db": "CNNVD", "id": "CNNVD-202307-1650" }, { "db": "VULMON", "id": "CVE-2023-30433" } ], "trust": 1.53 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-30433", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-202307-1650", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-30433", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-30433" }, { "db": "NVD", "id": "CVE-2023-30433" }, { "db": "CNNVD", "id": "CNNVD-202307-1650" } ] }, "id": "VAR-202307-1849", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T13:36:08.494000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "IBM Security Verify Access Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246745" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-1650" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-601", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30433" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252186" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/7012613" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-30433/" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30433" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-30433" }, { "db": "NVD", "id": "CVE-2023-30433" }, { "db": "CNNVD", "id": "CNNVD-202307-1650" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-30433" }, { "db": "NVD", "id": "CVE-2023-30433" }, { "db": "CNNVD", "id": "CNNVD-202307-1650" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-07-19T00:00:00", "db": "VULMON", "id": "CVE-2023-30433" }, { "date": "2023-07-19T01:15:09.833000", "db": "NVD", "id": "CVE-2023-30433" }, { "date": "2023-07-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-1650" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-07-19T00:00:00", "db": "VULMON", "id": "CVE-2023-30433" }, { "date": "2023-07-28T13:57:03.003000", "db": "NVD", "id": "CVE-2023-30433" }, { "date": "2023-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202307-1650" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-1650" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access Input validation error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-1650" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202307-1650" } ], "trust": 0.6 } }
var-202305-1185
Vulnerability from variot
IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635. IBM of Security Verify Access Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202305-1185", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.5" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.4" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.1" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.3" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.2" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-011092" }, { "db": "NVD", "id": "CVE-2023-25927" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-25927" } ] }, "cve": "CVE-2023-25927", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2023-25927", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2023-25927", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-25927", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202305-1284", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-011092" }, { "db": "CNNVD", "id": "CNNVD-202305-1284" }, { "db": "NVD", "id": "CVE-2023-25927" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635. IBM of Security Verify Access Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-25927" }, { "db": "JVNDB", "id": "JVNDB-2023-011092" }, { "db": "CNNVD", "id": "CNNVD-202305-1284" }, { "db": "VULMON", "id": "CVE-2023-25927" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-25927", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2023-011092", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202305-1284", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-25927", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-25927" }, { "db": "JVNDB", "id": "JVNDB-2023-011092" }, { "db": "CNNVD", "id": "CNNVD-202305-1284" }, { "db": "NVD", "id": "CVE-2023-25927" } ] }, "id": "VAR-202305-1185", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-13T22:33:42.689000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6989653 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6989653?_ga=2.22490043.1644592052.1684753176-785517468.1677620719" }, { "title": "IBM Security Verify Access Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=238860" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-011092" }, { "db": "CNNVD", "id": "CNNVD-202305-1284" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-011092" }, { "db": "NVD", "id": "CVE-2023-25927" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247635" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/6989653?_ga=2.22490043.1644592052.1684753176-785517468.1677620719" }, { "trust": 1.1, "url": "https://https://www.ibm.com/support/pages/node/6989653" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25927" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-25927/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-25927" }, { "db": "JVNDB", "id": "JVNDB-2023-011092" }, { "db": "CNNVD", "id": "CNNVD-202305-1284" }, { "db": "NVD", "id": "CVE-2023-25927" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-25927" }, { "db": "JVNDB", "id": "JVNDB-2023-011092" }, { "db": "CNNVD", "id": "CNNVD-202305-1284" }, { "db": "NVD", "id": "CVE-2023-25927" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-12T00:00:00", "db": "VULMON", "id": "CVE-2023-25927" }, { "date": "2023-12-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-011092" }, { "date": "2023-05-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202305-1284" }, { "date": "2023-05-12T18:15:00", "db": "NVD", "id": "CVE-2023-25927" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-15T00:00:00", "db": "VULMON", "id": "CVE-2023-25927" }, { "date": "2023-12-12T05:54:00", "db": "JVNDB", "id": "JVNDB-2023-011092" }, { "date": "2023-05-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202305-1284" }, { "date": "2023-05-24T16:35:00", "db": "NVD", "id": "CVE-2023-25927" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202305-1284" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0 of \u00a0Security\u00a0Verify\u00a0Access\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-011092" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202305-1284" } ], "trust": 0.6 } }
var-202107-0305
Vulnerability from variot
IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:198918. Vendor exploits this vulnerability IBM X-Force ID: 198918 Is published as.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0305", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009595" }, { "db": "NVD", "id": "CVE-2021-20537" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-20537" } ] }, "cve": "CVE-2021-20537", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-20537", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-20537", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-20537", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-20537", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-949", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-20537", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20537" }, { "db": "JVNDB", "id": "JVNDB-2021-009595" }, { "db": "NVD", "id": "CVE-2021-20537" }, { "db": "NVD", "id": "CVE-2021-20537" }, { "db": "CNNVD", "id": "CNNVD-202107-949" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:198918. Vendor exploits this vulnerability IBM X-Force ID: 198918 Is published as.Information may be obtained", "sources": [ { "db": "NVD", "id": "CVE-2021-20537" }, { "db": "JVNDB", "id": "JVNDB-2021-009595" }, { "db": "VULMON", "id": "CVE-2021-20537" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-20537", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-009595", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202107-949", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-20537", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20537" }, { "db": "JVNDB", "id": "JVNDB-2021-009595" }, { "db": "NVD", "id": "CVE-2021-20537" }, { "db": "CNNVD", "id": "CNNVD-202107-949" } ] }, "id": "VAR-202107-0305", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T12:16:21.841000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6471895 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "title": "IBM iConnect Access Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156638" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009595" }, { "db": "CNNVD", "id": "CNNVD-202107-949" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-798", "trust": 1.0 }, { "problemtype": "Using hardcoded credentials (CWE-798) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009595" }, { "db": "NVD", "id": "CVE-2021-20537" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198918" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20537" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/798.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20537" }, { "db": "JVNDB", "id": "JVNDB-2021-009595" }, { "db": "NVD", "id": "CVE-2021-20537" }, { "db": "CNNVD", "id": "CNNVD-202107-949" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-20537" }, { "db": "JVNDB", "id": "JVNDB-2021-009595" }, { "db": "NVD", "id": "CVE-2021-20537" }, { "db": "CNNVD", "id": "CNNVD-202107-949" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-15T00:00:00", "db": "VULMON", "id": "CVE-2021-20537" }, { "date": "2022-05-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009595" }, { "date": "2021-07-15T18:15:09.110000", "db": "NVD", "id": "CVE-2021-20537" }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-949" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-20T00:00:00", "db": "VULMON", "id": "CVE-2021-20537" }, { "date": "2022-05-11T07:24:00", "db": "JVNDB", "id": "JVNDB-2021-009595" }, { "date": "2021-09-29T16:11:55.650000", "db": "NVD", "id": "CVE-2021-20537" }, { "date": "2021-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-949" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-949" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Vulnerability in Using Hard Coded Credentials", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009595" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "trust management problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-949" } ], "trust": 0.6 } }
var-202401-1842
Vulnerability from variot
IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 260584
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202401-1842", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access docker", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.7" }, { "model": "security verify access docker", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.7" }, { "model": "security verify access docker", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.0.0.0 that\u0027s all 10.0.0.7" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.0.0.0 that\u0027s all 10.0.0.7" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "docker 10.0.0.0 that\u0027s all 10.0.0.7" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-001395" }, { "db": "NVD", "id": "CVE-2023-38267" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.0.7", "versionStartIncluding": "10.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access_docker:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.0.7", "versionStartIncluding": "10.0.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-38267" } ] }, "cve": "CVE-2023-38267", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.5, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-38267", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-38267", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2023-38267", "trust": 1.0, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-001395" }, { "db": "NVD", "id": "CVE-2023-38267" }, { "db": "NVD", "id": "CVE-2023-38267" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 260584", "sources": [ { "db": "NVD", "id": "CVE-2023-38267" }, { "db": "JVNDB", "id": "JVNDB-2024-001395" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-38267", "trust": 2.6 }, { "db": "JVNDB", "id": "JVNDB-2024-001395", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-001395" }, { "db": "NVD", "id": "CVE-2023-38267" } ] }, "id": "VAR-202401-1842", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.609333685 }, "last_update_date": "2024-05-25T01:24:49.002000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "7106586 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/7106586" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-001395" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-311", "trust": 1.0 }, { "problemtype": "Lack of encryption of critical data (CWE-311) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-001395" }, { "db": "NVD", "id": "CVE-2023-38267" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260584" }, { "trust": 1.0, "url": "https://www.ibm.com/support/pages/node/7106586" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38267" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-001395" }, { "db": "NVD", "id": "CVE-2023-38267" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2024-001395" }, { "db": "NVD", "id": "CVE-2023-38267" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-001395" }, { "date": "2024-01-11T03:15:09.803000", "db": "NVD", "id": "CVE-2023-38267" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-02T07:56:00", "db": "JVNDB", "id": "JVNDB-2024-001395" }, { "date": "2024-05-24T15:15:23.100000", "db": "NVD", "id": "CVE-2023-38267" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0 of \u00a0Security\u00a0Verify\u00a0Access\u00a0 and \u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Vulnerability regarding lack of encryption of critical data in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-001395" } ], "trust": 0.8 } }
var-202010-1451
Vulnerability from variot
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947. Vendor exploits this vulnerability IBM X-Force ID: 186947 Is published as.Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1451", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 2.4, "vendor": "ibm", "version": "10.0.0" }, { "model": "security access manager", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.7.0" }, { "model": "security access manager", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "security access manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.0.7" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-59035" }, { "db": "JVNDB", "id": "JVNDB-2020-012246" }, { "db": "NVD", "id": "CVE-2020-4699" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_access_manager:9.0.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-4699" } ] }, "cve": "CVE-2020-4699", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 5.5, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Adjacent Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.9, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-4699", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 2.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 5.5, "id": "CNVD-2020-59035", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Adjacent Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-4699", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-4699", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2020-4699", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2020-59035", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202010-351", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-4699", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-59035" }, { "db": "VULMON", "id": "CVE-2020-4699" }, { "db": "JVNDB", "id": "JVNDB-2020-012246" }, { "db": "NVD", "id": "CVE-2020-4699" }, { "db": "NVD", "id": "CVE-2020-4699" }, { "db": "CNNVD", "id": "CNNVD-202010-351" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947. Vendor exploits this vulnerability IBM X-Force ID: 186947 Is published as.Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing", "sources": [ { "db": "NVD", "id": "CVE-2020-4699" }, { "db": "JVNDB", "id": "JVNDB-2020-012246" }, { "db": "CNVD", "id": "CNVD-2020-59035" }, { "db": "CNNVD", "id": "CNNVD-202010-351" }, { "db": "VULMON", "id": "CVE-2020-4699" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-4699", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2020-012246", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-59035", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3499", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202010-351", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-4699", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-59035" }, { "db": "VULMON", "id": "CVE-2020-4699" }, { "db": "JVNDB", "id": "JVNDB-2020-012246" }, { "db": "NVD", "id": "CVE-2020-4699" }, { "db": "CNNVD", "id": "CNNVD-202010-351" } ] }, "id": "VAR-202010-1451", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-59035" } ], "trust": 0.81866737 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-59035" } ] }, "last_update_date": "2023-12-18T12:16:47.979000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6346619 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6346619" }, { "title": "Patch for IBM Security Access Manager and IBM Security Verify Access information disclosure vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/237688" }, { "title": "IBM Security Verify Access and IBM Security Access Manager Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=130221" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-59035" }, { "db": "JVNDB", "id": "JVNDB-2020-012246" }, { "db": "CNNVD", "id": "CNNVD-202010-351" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-203", "trust": 1.0 }, { "problemtype": "Information leakage due to difference in response to security-related processing (CWE-203) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-012246" }, { "db": "NVD", "id": "CVE-2020-4699" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186947" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6346619" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4699" }, { "trust": 1.2, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-access-manager-and-ibm-security-verify-access-cve-2020-4661-cve-2020-4699-cve-2020-4660/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3499/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/203.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-59035" }, { "db": "VULMON", "id": "CVE-2020-4699" }, { "db": "JVNDB", "id": "JVNDB-2020-012246" }, { "db": "NVD", "id": "CVE-2020-4699" }, { "db": "CNNVD", "id": "CNNVD-202010-351" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-59035" }, { "db": "VULMON", "id": "CVE-2020-4699" }, { "db": "JVNDB", "id": "JVNDB-2020-012246" }, { "db": "NVD", "id": "CVE-2020-4699" }, { "db": "CNNVD", "id": "CNNVD-202010-351" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-59035" }, { "date": "2020-10-12T00:00:00", "db": "VULMON", "id": "CVE-2020-4699" }, { "date": "2021-04-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-012246" }, { "date": "2020-10-12T13:15:12.570000", "db": "NVD", "id": "CVE-2020-4699" }, { "date": "2020-10-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202010-351" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-59035" }, { "date": "2020-10-19T00:00:00", "db": "VULMON", "id": "CVE-2020-4699" }, { "date": "2021-04-27T09:04:00", "db": "JVNDB", "id": "JVNDB-2020-012246" }, { "date": "2020-10-19T15:05:31.833000", "db": "NVD", "id": "CVE-2020-4699" }, { "date": "2020-10-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202010-351" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202010-351" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Access\u00a0Manager\u00a0 and \u00a0IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0 Vulnerability regarding information leakage due to difference in response to security-related processing", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-012246" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202010-351" } ], "trust": 0.6 } }
var-202302-0494
Vulnerability from variot
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202302-0494", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.4.0" }, { "model": "security verify access docker", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.4.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.3.0" }, { "model": "security verify access docker", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access docker", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.3.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.1.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.2.0" }, { "model": "security verify access docker", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.1.0" }, { "model": "security verify access docker", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.2.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "docker 10.0.3.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "docker 10.0.1.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "docker 10.0.2.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "docker 10.0.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "docker 10.0.4.0" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-016942" }, { "db": "NVD", "id": "CVE-2022-36775" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-36775" } ] }, "cve": "CVE-2022-36775", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.5, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2022-36775", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-36775", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2022-36775", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202302-611", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-016942" }, { "db": "NVD", "id": "CVE-2022-36775" }, { "db": "NVD", "id": "CVE-2022-36775" }, { "db": "CNNVD", "id": "CNNVD-202302-611" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576", "sources": [ { "db": "NVD", "id": "CVE-2022-36775" }, { "db": "JVNDB", "id": "JVNDB-2022-016942" }, { "db": "VULMON", "id": "CVE-2022-36775" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-36775", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2022-016942", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2023.0742", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202302-611", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-36775", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-36775" }, { "db": "JVNDB", "id": "JVNDB-2022-016942" }, { "db": "NVD", "id": "CVE-2022-36775" }, { "db": "CNNVD", "id": "CNNVD-202302-611" } ] }, "id": "VAR-202302-0494", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.609333685 }, "last_update_date": "2023-12-18T12:41:49.892000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6953617 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6953617" }, { "title": "IBM WebSphere Application Server Liberty Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226730" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-016942" }, { "db": "CNNVD", "id": "CNNVD-202302-611" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-74", "trust": 1.0 }, { "problemtype": "injection (CWE-74) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-016942" }, { "db": "NVD", "id": "CVE-2022-36775" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233576" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6953617" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-36775" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.0742" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-36775/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-36775" }, { "db": "JVNDB", "id": "JVNDB-2022-016942" }, { "db": "NVD", "id": "CVE-2022-36775" }, { "db": "CNNVD", "id": "CNNVD-202302-611" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-36775" }, { "db": "JVNDB", "id": "JVNDB-2022-016942" }, { "db": "NVD", "id": "CVE-2022-36775" }, { "db": "CNNVD", "id": "CNNVD-202302-611" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-17T00:00:00", "db": "VULMON", "id": "CVE-2022-36775" }, { "date": "2023-10-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-016942" }, { "date": "2023-02-17T17:15:11.137000", "db": "NVD", "id": "CVE-2022-36775" }, { "date": "2023-02-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202302-611" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-17T00:00:00", "db": "VULMON", "id": "CVE-2022-36775" }, { "date": "2023-10-10T07:52:00", "db": "JVNDB", "id": "JVNDB-2022-016942" }, { "date": "2023-11-07T03:49:40.850000", "db": "NVD", "id": "CVE-2022-36775" }, { "date": "2023-02-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202302-611" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202302-611" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0 of \u00a0Security\u00a0Verify\u00a0Access\u00a0 and \u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Injection vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-016942" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202302-611" } ], "trust": 0.6 } }
var-202010-1442
Vulnerability from variot
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140. Vendor exploits this vulnerability IBM X-Force ID: 186140 Is published as.Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1442", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 2.4, "vendor": "ibm", "version": "10.0.0" }, { "model": "security access manager", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.7.0" }, { "model": "security access manager", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "security access manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.0.7" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-59033" }, { "db": "JVNDB", "id": "JVNDB-2020-012244" }, { "db": "NVD", "id": "CVE-2020-4660" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_access_manager:9.0.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-4660" } ] }, "cve": "CVE-2020-4660", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 5.5, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Adjacent Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.9, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-4660", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 2.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 5.5, "id": "CNVD-2020-59033", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Adjacent Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-4660", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-4660", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2020-4660", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2020-59033", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202010-322", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-59033" }, { "db": "JVNDB", "id": "JVNDB-2020-012244" }, { "db": "NVD", "id": "CVE-2020-4660" }, { "db": "NVD", "id": "CVE-2020-4660" }, { "db": "CNNVD", "id": "CNNVD-202010-322" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140. Vendor exploits this vulnerability IBM X-Force ID: 186140 Is published as.Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing", "sources": [ { "db": "NVD", "id": "CVE-2020-4660" }, { "db": "JVNDB", "id": "JVNDB-2020-012244" }, { "db": "CNVD", "id": "CNVD-2020-59033" }, { "db": "CNNVD", "id": "CNNVD-202010-322" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-4660", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2020-012244", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-59033", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3499", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202010-322", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-59033" }, { "db": "JVNDB", "id": "JVNDB-2020-012244" }, { "db": "NVD", "id": "CVE-2020-4660" }, { "db": "CNNVD", "id": "CNNVD-202010-322" } ] }, "id": "VAR-202010-1442", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-59033" } ], "trust": 0.81866737 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-59033" } ] }, "last_update_date": "2023-12-18T12:16:48.041000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6346619 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6346619" }, { "title": "Patch for IBM Security Access Manager and IBM Security Verify Access information disclosure vulnerability (CNVD-2020-59033)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/237682" }, { "title": "IBM Security Access Manager Appliance Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=130219" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-59033" }, { "db": "JVNDB", "id": "JVNDB-2020-012244" }, { "db": "CNNVD", "id": "CNNVD-202010-322" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-203", "trust": 1.0 }, { "problemtype": "Information leakage due to difference in response to security-related processing (CWE-203) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-012244" }, { "db": "NVD", "id": "CVE-2020-4660" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186140" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/6346619" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4660" }, { "trust": 1.2, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-access-manager-and-ibm-security-verify-access-cve-2020-4661-cve-2020-4699-cve-2020-4660/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3499/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-59033" }, { "db": "JVNDB", "id": "JVNDB-2020-012244" }, { "db": "NVD", "id": "CVE-2020-4660" }, { "db": "CNNVD", "id": "CNNVD-202010-322" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-59033" }, { "db": "JVNDB", "id": "JVNDB-2020-012244" }, { "db": "NVD", "id": "CVE-2020-4660" }, { "db": "CNNVD", "id": "CNNVD-202010-322" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-59033" }, { "date": "2021-04-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-012244" }, { "date": "2020-10-12T13:15:12.383000", "db": "NVD", "id": "CVE-2020-4660" }, { "date": "2020-10-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202010-322" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-59033" }, { "date": "2021-04-27T09:04:00", "db": "JVNDB", "id": "JVNDB-2020-012244" }, { "date": "2020-10-19T16:17:35.417000", "db": "NVD", "id": "CVE-2020-4660" }, { "date": "2020-10-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202010-322" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202010-322" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Access\u00a0Manager\u00a0 and \u00a0IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0 Vulnerability regarding information leakage due to difference in response to security-related processing", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-012244" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202010-322" } ], "trust": 0.6 } }
var-202010-0152
Vulnerability from variot
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960. Vendor exploits this vulnerability IBM X-Force ID: 165960 Is published as.Information may be obtained and information may be tampered with. The product implements access management control through integrated devices for Web, mobile, and cloud computing. response
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202010-0152", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.4, "vendor": "ibm", "version": "10.0.0" }, { "model": "security access manager", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.0.7.2" }, { "model": "security verify access", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.1" }, { "model": "security access manager", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.0.7.0" }, { "model": "security verify access", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0" }, { "model": "security access manager", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "security access manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.0.7" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-57817" }, { "db": "JVNDB", "id": "JVNDB-2019-016064" }, { "db": "NVD", "id": "CVE-2019-4552" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.7.2", "versionStartIncluding": "9.0.7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.0.1", "versionStartIncluding": "10.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-4552" } ] }, "cve": "CVE-2019-4552", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-4552", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2020-57817", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2019-4552", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-4552", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2019-4552", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2020-57817", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202010-659", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2019-4552", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-57817" }, { "db": "VULMON", "id": "CVE-2019-4552" }, { "db": "JVNDB", "id": "JVNDB-2019-016064" }, { "db": "NVD", "id": "CVE-2019-4552" }, { "db": "NVD", "id": "CVE-2019-4552" }, { "db": "CNNVD", "id": "CNNVD-202010-659" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960. Vendor exploits this vulnerability IBM X-Force ID: 165960 Is published as.Information may be obtained and information may be tampered with. The product implements access management control through integrated devices for Web, mobile, and cloud computing. response", "sources": [ { "db": "NVD", "id": "CVE-2019-4552" }, { "db": "JVNDB", "id": "JVNDB-2019-016064" }, { "db": "CNVD", "id": "CNVD-2020-57817" }, { "db": "CNNVD", "id": "CNNVD-202010-659" }, { "db": "VULMON", "id": "CVE-2019-4552" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-4552", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2019-016064", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-57817", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3558", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202010-659", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2019-4552", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-57817" }, { "db": "VULMON", "id": "CVE-2019-4552" }, { "db": "JVNDB", "id": "JVNDB-2019-016064" }, { "db": "NVD", "id": "CVE-2019-4552" }, { "db": "CNNVD", "id": "CNNVD-202010-659" } ] }, "id": "VAR-202010-0152", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-57817" } ], "trust": 0.81866737 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-57817" } ] }, "last_update_date": "2023-12-18T11:37:17.642000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6348046 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6348046" }, { "title": "Patch for IBM Security Access Manager and IBM Security Verify Access HTTP response splitting vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/236938" }, { "title": "IBM Security Access Manager and IBM Security Verify Access Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=130481" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-57817" }, { "db": "JVNDB", "id": "JVNDB-2019-016064" }, { "db": "CNNVD", "id": "CNNVD-202010-659" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "Other (CWE-Other) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-016064" }, { "db": "NVD", "id": "CVE-2019-4552" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4552" }, { "trust": 1.8, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165960" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6348046" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3558/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-57817" }, { "db": "VULMON", "id": "CVE-2019-4552" }, { "db": "JVNDB", "id": "JVNDB-2019-016064" }, { "db": "NVD", "id": "CVE-2019-4552" }, { "db": "CNNVD", "id": "CNNVD-202010-659" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-57817" }, { "db": "VULMON", "id": "CVE-2019-4552" }, { "db": "JVNDB", "id": "JVNDB-2019-016064" }, { "db": "NVD", "id": "CVE-2019-4552" }, { "db": "CNNVD", "id": "CNNVD-202010-659" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-21T00:00:00", "db": "CNVD", "id": "CNVD-2020-57817" }, { "date": "2020-10-15T00:00:00", "db": "VULMON", "id": "CVE-2019-4552" }, { "date": "2021-04-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-016064" }, { "date": "2020-10-15T13:15:12.807000", "db": "NVD", "id": "CVE-2019-4552" }, { "date": "2020-10-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202010-659" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-21T00:00:00", "db": "CNVD", "id": "CNVD-2020-57817" }, { "date": "2020-10-20T00:00:00", "db": "VULMON", "id": "CVE-2019-4552" }, { "date": "2021-04-30T06:32:00", "db": "JVNDB", "id": "JVNDB-2019-016064" }, { "date": "2020-10-20T17:47:20.387000", "db": "NVD", "id": "CVE-2019-4552" }, { "date": "2020-10-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202010-659" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202010-659" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Access\u00a0Manager\u00a0 and \u00a0IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-016064" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202010-659" } ], "trust": 0.6 } }
var-202201-0460
Vulnerability from variot
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040. Vendor exploits this vulnerability IBM X-Force ID: 212040 It is published as.Information may be obtained. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication An input validation error vulnerability exists in IBM Security Verify Access, which originates from an error in the configuration of a network system or product during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information about the affected components
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0460", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.2.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.1.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017524" }, { "db": "NVD", "id": "CVE-2021-38957" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-38957" } ] }, "cve": "CVE-2021-38957", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-38957", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.6, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-38957", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-38957", "trust": 1.8, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-38957", "trust": 1.0, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202201-570", "trust": 0.6, "value": "LOW" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017524" }, { "db": "NVD", "id": "CVE-2021-38957" }, { "db": "NVD", "id": "CVE-2021-38957" }, { "db": "CNNVD", "id": "CNNVD-202201-570" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040. Vendor exploits this vulnerability IBM X-Force ID: 212040 It is published as.Information may be obtained. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication\nAn input validation error vulnerability exists in IBM Security Verify Access, which originates from an error in the configuration of a network system or product during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information about the affected components", "sources": [ { "db": "NVD", "id": "CVE-2021-38957" }, { "db": "JVNDB", "id": "JVNDB-2021-017524" }, { "db": "CNNVD", "id": "CNNVD-202201-570" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-38957", "trust": 3.2 }, { "db": "JVNDB", "id": "JVNDB-2021-017524", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2022011038", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202201-570", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017524" }, { "db": "NVD", "id": "CVE-2021-38957" }, { "db": "CNNVD", "id": "CNNVD-202201-570" } ] }, "id": "VAR-202201-0460", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T10:52:37.090000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6538418 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6538418" }, { "title": "IBM Security Verify Access Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=178046" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017524" }, { "db": "CNNVD", "id": "CNNVD-202201-570" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 }, { "problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017524" }, { "db": "NVD", "id": "CVE-2021-38957" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212040" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/6538418" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38957" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011038" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017524" }, { "db": "NVD", "id": "CVE-2021-38957" }, { "db": "CNNVD", "id": "CNNVD-202201-570" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2021-017524" }, { "db": "NVD", "id": "CVE-2021-38957" }, { "db": "CNNVD", "id": "CNNVD-202201-570" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-017524" }, { "date": "2022-01-10T14:10:20.650000", "db": "NVD", "id": "CVE-2021-38957" }, { "date": "2022-01-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-570" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-24T06:20:00", "db": "JVNDB", "id": "JVNDB-2021-017524" }, { "date": "2022-01-13T20:37:24.723000", "db": "NVD", "id": "CVE-2021-38957" }, { "date": "2022-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-570" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-570" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0 Input verification vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017524" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-570" } ], "trust": 0.6 } }
var-202010-1443
Vulnerability from variot
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142. Vendor exploits this vulnerability IBM X-Force ID: 186142 Is published as.Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1443", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 3.6, "vendor": "ibm", "version": "10.0.0" }, { "model": "security access manager", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "9.0.7" }, { "model": "security access manager", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0.7.0" }, { "model": "security access manager", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-59035" }, { "db": "CNVD", "id": "CNVD-2020-59034" }, { "db": "CNVD", "id": "CNVD-2020-59033" }, { "db": "JVNDB", "id": "JVNDB-2020-012245" }, { "db": "NVD", "id": "CVE-2020-4661" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_access_manager:9.0.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-4661" } ] }, "cve": "CVE-2020-4661", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 5.5, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Adjacent Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.9, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-4661", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 2.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 5.5, "id": "CNVD-2020-59035", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 2.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 5.5, "id": "CNVD-2020-59034", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 2.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 5.5, "id": "CNVD-2020-59033", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Adjacent Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-4661", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-4661", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2020-4661", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2020-59035", "trust": 0.6, "value": "LOW" }, { "author": "CNVD", "id": "CNVD-2020-59034", "trust": 0.6, "value": "LOW" }, { "author": "CNVD", "id": "CNVD-2020-59033", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202010-333", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-59035" }, { "db": "CNVD", "id": "CNVD-2020-59034" }, { "db": "CNVD", "id": "CNVD-2020-59033" }, { "db": "JVNDB", "id": "JVNDB-2020-012245" }, { "db": "NVD", "id": "CVE-2020-4661" }, { "db": "NVD", "id": "CVE-2020-4661" }, { "db": "CNNVD", "id": "CNNVD-202010-333" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142. Vendor exploits this vulnerability IBM X-Force ID: 186142 Is published as.Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing", "sources": [ { "db": "NVD", "id": "CVE-2020-4661" }, { "db": "JVNDB", "id": "JVNDB-2020-012245" }, { "db": "CNVD", "id": "CNVD-2020-59035" }, { "db": "CNVD", "id": "CNVD-2020-59034" }, { "db": "CNVD", "id": "CNVD-2020-59033" }, { "db": "CNNVD", "id": "CNNVD-202010-333" } ], "trust": 3.78 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-4661", "trust": 4.2 }, { "db": "JVNDB", "id": "JVNDB-2020-012245", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-59035", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2020-59034", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2020-59033", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3499", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202010-333", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-59035" }, { "db": "CNVD", "id": "CNVD-2020-59034" }, { "db": "CNVD", "id": "CNVD-2020-59033" }, { "db": "JVNDB", "id": "JVNDB-2020-012245" }, { "db": "NVD", "id": "CVE-2020-4661" }, { "db": "CNNVD", "id": "CNNVD-202010-333" } ] }, "id": "VAR-202010-1443", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-59035" }, { "db": "CNVD", "id": "CNVD-2020-59034" }, { "db": "CNVD", "id": "CNVD-2020-59033" } ], "trust": 2.01866737 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 1.8 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-59035" }, { "db": "CNVD", "id": "CNVD-2020-59034" }, { "db": "CNVD", "id": "CNVD-2020-59033" } ] }, "last_update_date": "2023-12-18T12:16:48.007000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6346619 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6346619" }, { "title": "Patch for IBM Security Access Manager and IBM Security Verify Access information disclosure vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/237688" }, { "title": "Patch for IBM Security Access Manager and IBM Security Verify Access information disclosure vulnerability (CNVD-2020-59034)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/237685" }, { "title": "Patch for IBM Security Access Manager and IBM Security Verify Access information disclosure vulnerability (CNVD-2020-59033)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/237682" }, { "title": "IBM Security Access Manager Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=130220" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-59035" }, { "db": "CNVD", "id": "CNVD-2020-59034" }, { "db": "CNVD", "id": "CNVD-2020-59033" }, { "db": "JVNDB", "id": "JVNDB-2020-012245" }, { "db": "CNNVD", "id": "CNNVD-202010-333" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-203", "trust": 1.0 }, { "problemtype": "Information leakage due to difference in response to security-related processing (CWE-203) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-012245" }, { "db": "NVD", "id": "CVE-2020-4661" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-access-manager-and-ibm-security-verify-access-cve-2020-4661-cve-2020-4699-cve-2020-4660/" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186142" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/6346619" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4661" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3499/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-59035" }, { "db": "CNVD", "id": "CNVD-2020-59034" }, { "db": "CNVD", "id": "CNVD-2020-59033" }, { "db": "JVNDB", "id": "JVNDB-2020-012245" }, { "db": "NVD", "id": "CVE-2020-4661" }, { "db": "CNNVD", "id": "CNNVD-202010-333" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-59035" }, { "db": "CNVD", "id": "CNVD-2020-59034" }, { "db": "CNVD", "id": "CNVD-2020-59033" }, { "db": "JVNDB", "id": "JVNDB-2020-012245" }, { "db": "NVD", "id": "CVE-2020-4661" }, { "db": "CNNVD", "id": "CNNVD-202010-333" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-59035" }, { "date": "2020-10-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-59034" }, { "date": "2020-10-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-59033" }, { "date": "2021-04-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-012245" }, { "date": "2020-10-12T13:15:12.493000", "db": "NVD", "id": "CVE-2020-4661" }, { "date": "2020-10-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202010-333" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-59035" }, { "date": "2020-10-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-59034" }, { "date": "2020-10-27T00:00:00", "db": "CNVD", "id": "CNVD-2020-59033" }, { "date": "2021-04-27T09:04:00", "db": "JVNDB", "id": "JVNDB-2020-012245" }, { "date": "2020-10-19T15:02:24.347000", "db": "NVD", "id": "CVE-2020-4661" }, { "date": "2020-10-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202010-333" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202010-333" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Access\u00a0Manager\u00a0 and \u00a0IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0 Vulnerability regarding information leakage due to difference in response to security-related processing", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-012245" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202010-333" } ], "trust": 0.6 } }
var-202401-2391
Vulnerability from variot
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202401-2391", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access docker", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.7" }, { "model": "security verify access docker", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.7" }, { "model": "security verify access", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-31001" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.0.7", "versionStartIncluding": "10.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access_docker:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.0.7", "versionStartIncluding": "10.0.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-31001" } ] }, "cve": "CVE-2023-31001", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.4, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-31001", "trust": 1.0, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2023-31001", "trust": 1.0, "value": "MEDIUM" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-31001" }, { "db": "NVD", "id": "CVE-2023-31001" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653.", "sources": [ { "db": "NVD", "id": "CVE-2023-31001" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-31001", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-31001" } ] }, "id": "VAR-202401-2391", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.609333685 }, "last_update_date": "2024-03-07T22:52:24.051000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-257", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-31001" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254653" }, { "trust": 1.0, "url": "https://www.ibm.com/support/pages/node/7106586" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-31001" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "NVD", "id": "CVE-2023-31001" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-01-11T03:15:09.413000", "db": "NVD", "id": "CVE-2023-31001" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-01-18T17:06:28.277000", "db": "NVD", "id": "CVE-2023-31001" } ] } }
var-202402-0256
Vulnerability from variot
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202402-0256", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access docker", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access docker", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "10.0.6.1" }, { "model": "security verify access", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "10.0.6.1" }, { "model": "security verify access docker", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.0.0.0 to 10.0.6.1" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.0.0.0 to 10.0.6.1" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "docker 10.0.0.0 to 10.0.6.1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025818" }, { "db": "NVD", "id": "CVE-2023-31005" } ] }, "cve": "CVE-2023-31005", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.5, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-31005", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-31005", "trust": 1.8, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2023-31005", "trust": 1.0, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025818" }, { "db": "NVD", "id": "CVE-2023-31005" }, { "db": "NVD", "id": "CVE-2023-31005" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-31005" }, { "db": "JVNDB", "id": "JVNDB-2023-025818" }, { "db": "VULMON", "id": "CVE-2023-31005" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-31005", "trust": 2.7 }, { "db": "JVNDB", "id": "JVNDB-2023-025818", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2023-31005", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-31005" }, { "db": "JVNDB", "id": "JVNDB-2023-025818" }, { "db": "NVD", "id": "CVE-2023-31005" } ] }, "id": "VAR-202402-0256", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.609333685 }, "last_update_date": "2024-02-10T23:17:36.676000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "7106586 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/7106586" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025818" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-269", "trust": 1.0 }, { "problemtype": "Improper authority management (CWE-269) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025818" }, { "db": "NVD", "id": "CVE-2023-31005" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": "https://www.ibm.com/support/pages/node/7106586" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254767" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-31005" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/269.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-31005" }, { "db": "JVNDB", "id": "JVNDB-2023-025818" }, { "db": "NVD", "id": "CVE-2023-31005" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-31005" }, { "db": "JVNDB", "id": "JVNDB-2023-025818" }, { "db": "NVD", "id": "CVE-2023-31005" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-03T00:00:00", "db": "VULMON", "id": "CVE-2023-31005" }, { "date": "2024-02-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-025818" }, { "date": "2024-02-03T01:15:08.283000", "db": "NVD", "id": "CVE-2023-31005" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-05T00:00:00", "db": "VULMON", "id": "CVE-2023-31005" }, { "date": "2024-02-09T00:48:00", "db": "JVNDB", "id": "JVNDB-2023-025818" }, { "date": "2024-02-07T16:04:27.170000", "db": "NVD", "id": "CVE-2023-31005" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0 of \u00a0Security\u00a0Verify\u00a0Access\u00a0 and \u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Vulnerability in privilege management in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025818" } ], "trust": 0.8 } }
var-202402-0283
Vulnerability from variot
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 254651
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202402-0283", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access docker", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "10.0.6.1" }, { "model": "security verify access docker", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "10.0.6.1" }, { "model": "security verify access", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access docker", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.0.0.0 to 10.0.6.1" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "docker 10.0.0.0 to 10.0.6.1" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.0.0.0 to 10.0.6.1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025797" }, { "db": "NVD", "id": "CVE-2023-30999" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.0.6.1", "versionStartIncluding": "10.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access_docker:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.0.6.1", "versionStartIncluding": "10.0.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30999" } ] }, "cve": "CVE-2023-30999", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2023-30999", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-30999", "trust": 1.8, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2023-30999", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025797" }, { "db": "NVD", "id": "CVE-2023-30999" }, { "db": "NVD", "id": "CVE-2023-30999" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 254651", "sources": [ { "db": "NVD", "id": "CVE-2023-30999" }, { "db": "JVNDB", "id": "JVNDB-2023-025797" }, { "db": "VULMON", "id": "CVE-2023-30999" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-30999", "trust": 2.7 }, { "db": "JVNDB", "id": "JVNDB-2023-025797", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2023-30999", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-30999" }, { "db": "JVNDB", "id": "JVNDB-2023-025797" }, { "db": "NVD", "id": "CVE-2023-30999" } ] }, "id": "VAR-202402-0283", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.609333685 }, "last_update_date": "2024-02-09T22:44:23.480000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "7106586 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/7106586" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025797" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.0 }, { "problemtype": "Resource exhaustion (CWE-400) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025797" }, { "db": "NVD", "id": "CVE-2023-30999" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": "https://www.ibm.com/support/pages/node/7106586" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254651" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30999" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/400.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-30999" }, { "db": "JVNDB", "id": "JVNDB-2023-025797" }, { "db": "NVD", "id": "CVE-2023-30999" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-30999" }, { "db": "JVNDB", "id": "JVNDB-2023-025797" }, { "db": "NVD", "id": "CVE-2023-30999" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-03T00:00:00", "db": "VULMON", "id": "CVE-2023-30999" }, { "date": "2024-02-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-025797" }, { "date": "2024-02-03T01:15:07.850000", "db": "NVD", "id": "CVE-2023-30999" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-05T00:00:00", "db": "VULMON", "id": "CVE-2023-30999" }, { "date": "2024-02-08T01:43:00", "db": "JVNDB", "id": "JVNDB-2023-025797" }, { "date": "2024-02-06T21:31:55.033000", "db": "NVD", "id": "CVE-2023-30999" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0 of \u00a0Security\u00a0Verify\u00a0Access\u00a0 and \u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Resource exhaustion vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025797" } ], "trust": 0.8 } }
var-202107-0299
Vulnerability from variot
IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299. Vendor is responsible for this vulnerability IBM X-Force ID: 198299 Is published as.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0299", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009589" }, { "db": "NVD", "id": "CVE-2021-20510" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-20510" } ] }, "cve": "CVE-2021-20510", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-20510", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.3, "impactScore": 4.0, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.4, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-20510", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-20510", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-20510", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-930", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-20510", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20510" }, { "db": "JVNDB", "id": "JVNDB-2021-009589" }, { "db": "NVD", "id": "CVE-2021-20510" }, { "db": "NVD", "id": "CVE-2021-20510" }, { "db": "CNNVD", "id": "CNNVD-202107-930" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299. Vendor is responsible for this vulnerability IBM X-Force ID: 198299 Is published as.Information may be obtained", "sources": [ { "db": "NVD", "id": "CVE-2021-20510" }, { "db": "JVNDB", "id": "JVNDB-2021-009589" }, { "db": "VULMON", "id": "CVE-2021-20510" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-20510", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-009589", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202107-930", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-20510", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20510" }, { "db": "JVNDB", "id": "JVNDB-2021-009589" }, { "db": "NVD", "id": "CVE-2021-20510" }, { "db": "CNNVD", "id": "CNNVD-202107-930" } ] }, "id": "VAR-202107-0299", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T13:17:49.776000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6471895 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "title": "IBM Security Access Manager Fixes for permissions and access control issues vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156623" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009589" }, { "db": "CNNVD", "id": "CNNVD-202107-930" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-312", "trust": 1.0 }, { "problemtype": "Plaintext storage of important information (CWE-312) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009589" }, { "db": "NVD", "id": "CVE-2021-20510" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198299" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20510" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/312.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20510" }, { "db": "JVNDB", "id": "JVNDB-2021-009589" }, { "db": "NVD", "id": "CVE-2021-20510" }, { "db": "CNNVD", "id": "CNNVD-202107-930" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-20510" }, { "db": "JVNDB", "id": "JVNDB-2021-009589" }, { "db": "NVD", "id": "CVE-2021-20510" }, { "db": "CNNVD", "id": "CNNVD-202107-930" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-15T00:00:00", "db": "VULMON", "id": "CVE-2021-20510" }, { "date": "2022-05-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009589" }, { "date": "2021-07-15T18:15:08.880000", "db": "NVD", "id": "CVE-2021-20510" }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-930" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-20T00:00:00", "db": "VULMON", "id": "CVE-2021-20510" }, { "date": "2022-05-11T07:24:00", "db": "JVNDB", "id": "JVNDB-2021-009589" }, { "date": "2021-09-29T15:40:27.307000", "db": "NVD", "id": "CVE-2021-20510" }, { "date": "2021-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-930" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-930" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Vulnerability of important information in plaintext", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009589" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-930" } ], "trust": 0.6 } }
var-202010-1454
Vulnerability from variot
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216. Vendor exploits this vulnerability IBM X-Force ID: 182216 Is published as.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The product implements access management control through integrated devices for Web, mobile, and cloud computing
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1454", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.4, "vendor": "ibm", "version": "10.0.0" }, { "model": "security access manager", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "9.0.7.2" }, { "model": "security verify access", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.1" }, { "model": "security access manager", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "9.0.7.0" }, { "model": "security verify access", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0" }, { "model": "security access manager", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "security access manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "9.0.7" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-57818" }, { "db": "JVNDB", "id": "JVNDB-2020-012332" }, { "db": "NVD", "id": "CVE-2020-4499" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.7.2", "versionStartIncluding": "9.0.7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.0.1", "versionStartIncluding": "10.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-4499" } ] }, "cve": "CVE-2020-4499", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-4499", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-57818", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 3.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-4499", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-4499", "trust": 1.8, "value": "CRITICAL" }, { "author": "psirt@us.ibm.com", "id": "CVE-2020-4499", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2020-57818", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202010-651", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2020-4499", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-57818" }, { "db": "VULMON", "id": "CVE-2020-4499" }, { "db": "JVNDB", "id": "JVNDB-2020-012332" }, { "db": "NVD", "id": "CVE-2020-4499" }, { "db": "NVD", "id": "CVE-2020-4499" }, { "db": "CNNVD", "id": "CNNVD-202010-651" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216. Vendor exploits this vulnerability IBM X-Force ID: 182216 Is published as.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The product implements access management control through integrated devices for Web, mobile, and cloud computing", "sources": [ { "db": "NVD", "id": "CVE-2020-4499" }, { "db": "JVNDB", "id": "JVNDB-2020-012332" }, { "db": "CNVD", "id": "CNVD-2020-57818" }, { "db": "CNNVD", "id": "CNNVD-202010-651" }, { "db": "VULMON", "id": "CVE-2020-4499" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-4499", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2020-012332", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-57818", "trust": 0.6 }, { "db": "NSFOCUS", "id": "50180", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3558", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202010-651", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-4499", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-57818" }, { "db": "VULMON", "id": "CVE-2020-4499" }, { "db": "JVNDB", "id": "JVNDB-2020-012332" }, { "db": "NVD", "id": "CVE-2020-4499" }, { "db": "CNNVD", "id": "CNNVD-202010-651" } ] }, "id": "VAR-202010-1454", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-57818" } ], "trust": 0.81866737 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-57818" } ] }, "last_update_date": "2023-12-18T11:39:04.551000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6348046 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6348046" }, { "title": "Patch for IBM Security Access Manager and IBM Security Verify Access certification bypass vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/237052" }, { "title": "IBM Security Access Manager and IBM Security Verify Access Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=131300" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-57818" }, { "db": "JVNDB", "id": "JVNDB-2020-012332" }, { "db": "CNNVD", "id": "CNNVD-202010-651" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of authentication (CWE-862) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-012332" }, { "db": "NVD", "id": "CVE-2020-4499" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-4499" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6348046" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182216" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3558/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/50180" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-57818" }, { "db": "VULMON", "id": "CVE-2020-4499" }, { "db": "JVNDB", "id": "JVNDB-2020-012332" }, { "db": "NVD", "id": "CVE-2020-4499" }, { "db": "CNNVD", "id": "CNNVD-202010-651" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-57818" }, { "db": "VULMON", "id": "CVE-2020-4499" }, { "db": "JVNDB", "id": "JVNDB-2020-012332" }, { "db": "NVD", "id": "CVE-2020-4499" }, { "db": "CNNVD", "id": "CNNVD-202010-651" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-21T00:00:00", "db": "CNVD", "id": "CNVD-2020-57818" }, { "date": "2020-10-15T00:00:00", "db": "VULMON", "id": "CVE-2020-4499" }, { "date": "2021-04-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-012332" }, { "date": "2020-10-15T13:15:12.913000", "db": "NVD", "id": "CVE-2020-4499" }, { "date": "2020-10-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202010-651" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-21T00:00:00", "db": "CNVD", "id": "CNVD-2020-57818" }, { "date": "2021-07-21T00:00:00", "db": "VULMON", "id": "CVE-2020-4499" }, { "date": "2021-04-30T06:32:00", "db": "JVNDB", "id": "JVNDB-2020-012332" }, { "date": "2021-07-21T11:39:23.747000", "db": "NVD", "id": "CVE-2020-4499" }, { "date": "2020-11-05T00:00:00", "db": "CNNVD", "id": "CNNVD-202010-651" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202010-651" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Access\u00a0Manager\u00a0 and \u00a0IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0 Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-012332" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202010-651" } ], "trust": 0.6 } }
var-202207-0350
Vulnerability from variot
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 225079. Vendors may IBM X-Force ID: 225079 It is published as.Information may be obtained and information may be tampered with
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0350", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.3.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.2.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.1.0" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015279" }, { "db": "NVD", "id": "CVE-2022-22463" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-22463" } ] }, "cve": "CVE-2022-22463", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.4, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2022-22463", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.5, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.0, "impactScore": 4.0, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2022-22463", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-22463", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2022-22463", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202207-654", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2022-22463", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-22463" }, { "db": "JVNDB", "id": "JVNDB-2022-015279" }, { "db": "NVD", "id": "CVE-2022-22463" }, { "db": "NVD", "id": "CVE-2022-22463" }, { "db": "CNNVD", "id": "CNNVD-202207-654" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 225079. Vendors may IBM X-Force ID: 225079 It is published as.Information may be obtained and information may be tampered with", "sources": [ { "db": "NVD", "id": "CVE-2022-22463" }, { "db": "JVNDB", "id": "JVNDB-2022-015279" }, { "db": "VULMON", "id": "CVE-2022-22463" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-22463", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2022-015279", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202207-654", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-22463", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-22463" }, { "db": "JVNDB", "id": "JVNDB-2022-015279" }, { "db": "NVD", "id": "CVE-2022-22463" }, { "db": "CNNVD", "id": "CNNVD-202207-654" } ] }, "id": "VAR-202207-0350", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T13:17:17.178000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6601729 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6601729" }, { "title": "IBM Security Access Manager Appliance SQL Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=200244" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015279" }, { "db": "CNNVD", "id": "CNNVD-202207-654" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.0 }, { "problemtype": "SQL injection (CWE-89) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015279" }, { "db": "NVD", "id": "CVE-2022-22463" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6601729" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225079" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22463" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-22463/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/89.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-22463" }, { "db": "JVNDB", "id": "JVNDB-2022-015279" }, { "db": "NVD", "id": "CVE-2022-22463" }, { "db": "CNNVD", "id": "CNNVD-202207-654" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-22463" }, { "db": "JVNDB", "id": "JVNDB-2022-015279" }, { "db": "NVD", "id": "CVE-2022-22463" }, { "db": "CNNVD", "id": "CNNVD-202207-654" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-08T00:00:00", "db": "VULMON", "id": "CVE-2022-22463" }, { "date": "2023-09-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-015279" }, { "date": "2022-07-08T18:15:09.573000", "db": "NVD", "id": "CVE-2022-22463" }, { "date": "2022-07-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-654" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-16T00:00:00", "db": "VULMON", "id": "CVE-2022-22463" }, { "date": "2023-09-26T07:07:00", "db": "JVNDB", "id": "JVNDB-2022-015279" }, { "date": "2022-07-16T01:22:11.270000", "db": "NVD", "id": "CVE-2022-22463" }, { "date": "2022-07-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-654" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-654" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Access\u00a0Manager\u00a0Appliance\u00a0 In \u00a0SQL\u00a0 Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015279" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-654" } ], "trust": 0.6 } }
var-202106-0517
Vulnerability from variot
IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398. Vendor is responsible for this vulnerability IBM X-Force ID: 199398 Is published as.Information may be obtained. The service uses risk-based access, single sign-on, integrated access management control, identity federation, and mobile multi-factor authentication to achieve safe and simple access to platforms such as web, mobile, IoT, and cloud technologies There is an information disclosure vulnerability in the IBM Security Verify Access 20.07 version
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-0517", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 2.4, "vendor": "ibm", "version": "20.07" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-39691" }, { "db": "JVNDB", "id": "JVNDB-2021-001976" }, { "db": "NVD", "id": "CVE-2021-20585" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:20.07:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-20585" } ] }, "cve": "CVE-2021-20585", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-20585", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2021-39691", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2021-20585", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-20585", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-20585", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2021-39691", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202106-035", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-20585", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-39691" }, { "db": "VULMON", "id": "CVE-2021-20585" }, { "db": "JVNDB", "id": "JVNDB-2021-001976" }, { "db": "NVD", "id": "CVE-2021-20585" }, { "db": "NVD", "id": "CVE-2021-20585" }, { "db": "CNNVD", "id": "CNNVD-202106-035" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398. Vendor is responsible for this vulnerability IBM X-Force ID: 199398 Is published as.Information may be obtained. The service uses risk-based access, single sign-on, integrated access management control, identity federation, and mobile multi-factor authentication to achieve safe and simple access to platforms such as web, mobile, IoT, and cloud technologies\nThere is an information disclosure vulnerability in the IBM Security Verify Access 20.07 version", "sources": [ { "db": "NVD", "id": "CVE-2021-20585" }, { "db": "JVNDB", "id": "JVNDB-2021-001976" }, { "db": "CNVD", "id": "CNVD-2021-39691" }, { "db": "CNNVD", "id": "CNNVD-202106-035" }, { "db": "VULMON", "id": "CVE-2021-20585" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-20585", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2021-001976", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-39691", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202106-035", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-20585", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-39691" }, { "db": "VULMON", "id": "CVE-2021-20585" }, { "db": "JVNDB", "id": "JVNDB-2021-001976" }, { "db": "NVD", "id": "CVE-2021-20585" }, { "db": "CNNVD", "id": "CNNVD-202106-035" } ] }, "id": "VAR-202106-0517", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-39691" } ], "trust": 0.81866737 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-39691" } ] }, "last_update_date": "2023-12-18T13:47:04.902000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6457315 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6457315" }, { "title": "Patch for IBM Security Verify Access information disclosure vulnerability (CNVD-2021-39691)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/270206" }, { "title": "IBM Security Verify Access Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=152868" }, { "title": "CVE-2021-20585", "trust": 0.1, "url": "https://github.com/jamesgeeee/cve-2021-20585 " } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-39691" }, { "db": "VULMON", "id": "CVE-2021-20585" }, { "db": "JVNDB", "id": "JVNDB-2021-001976" }, { "db": "CNNVD", "id": "CNNVD-202106-035" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.0 }, { "problemtype": "information leak (CWE-200) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001976" }, { "db": "NVD", "id": "CVE-2021-20585" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199398" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6457315" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20585" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/200.html" }, { "trust": 0.1, "url": "https://github.com/jamesgeeee/cve-2021-20585" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-39691" }, { "db": "VULMON", "id": "CVE-2021-20585" }, { "db": "JVNDB", "id": "JVNDB-2021-001976" }, { "db": "NVD", "id": "CVE-2021-20585" }, { "db": "CNNVD", "id": "CNNVD-202106-035" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-39691" }, { "db": "VULMON", "id": "CVE-2021-20585" }, { "db": "JVNDB", "id": "JVNDB-2021-001976" }, { "db": "NVD", "id": "CVE-2021-20585" }, { "db": "CNNVD", "id": "CNNVD-202106-035" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-05T00:00:00", "db": "CNVD", "id": "CNVD-2021-39691" }, { "date": "2021-06-01T00:00:00", "db": "VULMON", "id": "CVE-2021-20585" }, { "date": "2021-07-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001976" }, { "date": "2021-06-01T14:15:08.663000", "db": "NVD", "id": "CVE-2021-20585" }, { "date": "2021-06-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-035" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-05T00:00:00", "db": "CNVD", "id": "CNVD-2021-39691" }, { "date": "2021-06-04T00:00:00", "db": "VULMON", "id": "CVE-2021-20585" }, { "date": "2021-07-06T08:12:00", "db": "JVNDB", "id": "JVNDB-2021-001976" }, { "date": "2021-06-04T18:49:12.977000", "db": "NVD", "id": "CVE-2021-20585" }, { "date": "2021-06-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-035" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-035" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0 Information Disclosure Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001976" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-035" } ], "trust": 0.6 } }
var-202402-0305
Vulnerability from variot
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques. IBM X-Force ID: 254765. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202402-0305", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access docker", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "10.0.6.1" }, { "model": "security verify access", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access docker", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "10.0.6.1" }, { "model": "security verify access docker", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.0.0.0 to 10.0.6.1" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.0.0.0 to 10.0.6.1" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "docker 10.0.0.0 to 10.0.6.1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025837" }, { "db": "NVD", "id": "CVE-2023-31004" } ] }, "cve": "CVE-2023-31004", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.0, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-31004", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-31004", "trust": 1.8, "value": "CRITICAL" }, { "author": "psirt@us.ibm.com", "id": "CVE-2023-31004", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025837" }, { "db": "NVD", "id": "CVE-2023-31004" }, { "db": "NVD", "id": "CVE-2023-31004" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques. IBM X-Force ID: 254765. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-31004" }, { "db": "JVNDB", "id": "JVNDB-2023-025837" }, { "db": "VULMON", "id": "CVE-2023-31004" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-31004", "trust": 2.7 }, { "db": "JVNDB", "id": "JVNDB-2023-025837", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2023-31004", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-31004" }, { "db": "JVNDB", "id": "JVNDB-2023-025837" }, { "db": "NVD", "id": "CVE-2023-31004" } ] }, "id": "VAR-202402-0305", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.609333685 }, "last_update_date": "2024-02-10T23:03:11.400000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "7106586 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/7106586" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025837" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-300", "trust": 1.0 }, { "problemtype": "man-in-the-middle problem (CWE-300) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025837" }, { "db": "NVD", "id": "CVE-2023-31004" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": "https://www.ibm.com/support/pages/node/7106586" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254765" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-31004" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/300.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-31004" }, { "db": "JVNDB", "id": "JVNDB-2023-025837" }, { "db": "NVD", "id": "CVE-2023-31004" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-31004" }, { "db": "JVNDB", "id": "JVNDB-2023-025837" }, { "db": "NVD", "id": "CVE-2023-31004" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-03T00:00:00", "db": "VULMON", "id": "CVE-2023-31004" }, { "date": "2024-02-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-025837" }, { "date": "2024-02-03T01:15:08.060000", "db": "NVD", "id": "CVE-2023-31004" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-05T00:00:00", "db": "VULMON", "id": "CVE-2023-31004" }, { "date": "2024-02-09T01:14:00", "db": "JVNDB", "id": "JVNDB-2023-025837" }, { "date": "2024-02-07T14:42:18.943000", "db": "NVD", "id": "CVE-2023-31004" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0 of \u00a0Security\u00a0Verify\u00a0Access\u00a0 and \u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Man-in-the-middle vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025837" } ], "trust": 0.8 } }
var-202107-0300
Vulnerability from variot
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300. Vendor exploits this vulnerability IBM X-Force ID: 198300 Is published as.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0300", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009590" }, { "db": "NVD", "id": "CVE-2021-20511" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-20511" } ] }, "cve": "CVE-2021-20511", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.8, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2021-20511", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.9, "impactScore": 4.2, "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.9, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-20511", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-20511", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-20511", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-912", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-20511", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20511" }, { "db": "JVNDB", "id": "JVNDB-2021-009590" }, { "db": "NVD", "id": "CVE-2021-20511" }, { "db": "NVD", "id": "CVE-2021-20511" }, { "db": "CNNVD", "id": "CNNVD-202107-912" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300. Vendor exploits this vulnerability IBM X-Force ID: 198300 Is published as.Information may be obtained", "sources": [ { "db": "NVD", "id": "CVE-2021-20511" }, { "db": "JVNDB", "id": "JVNDB-2021-009590" }, { "db": "VULMON", "id": "CVE-2021-20511" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-20511", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-009590", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202107-912", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-20511", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20511" }, { "db": "JVNDB", "id": "JVNDB-2021-009590" }, { "db": "NVD", "id": "CVE-2021-20511" }, { "db": "CNNVD", "id": "CNNVD-202107-912" } ] }, "id": "VAR-202107-0300", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T13:12:27.324000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6471895 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "title": "IBM Security Access Manager Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156605" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009590" }, { "db": "CNNVD", "id": "CNNVD-202107-912" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.0 }, { "problemtype": "Path traversal (CWE-22) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009590" }, { "db": "NVD", "id": "CVE-2021-20511" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198300" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20511" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20511" }, { "db": "JVNDB", "id": "JVNDB-2021-009590" }, { "db": "NVD", "id": "CVE-2021-20511" }, { "db": "CNNVD", "id": "CNNVD-202107-912" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-20511" }, { "db": "JVNDB", "id": "JVNDB-2021-009590" }, { "db": "NVD", "id": "CVE-2021-20511" }, { "db": "CNNVD", "id": "CNNVD-202107-912" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-15T00:00:00", "db": "VULMON", "id": "CVE-2021-20511" }, { "date": "2022-05-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009590" }, { "date": "2021-07-15T18:15:08.917000", "db": "NVD", "id": "CVE-2021-20511" }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-912" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-09-29T00:00:00", "db": "VULMON", "id": "CVE-2021-20511" }, { "date": "2022-05-11T07:24:00", "db": "JVNDB", "id": "JVNDB-2021-009590" }, { "date": "2021-09-29T15:39:43.003000", "db": "NVD", "id": "CVE-2021-20511" }, { "date": "2021-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-912" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-912" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Traversal Vulnerability in Japan", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009590" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-912" } ], "trust": 0.6 } }
var-202403-3007
Vulnerability from variot
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202403-3007", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.6" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003065" }, { "db": "NVD", "id": "CVE-2024-25027" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2024-25027" } ] }, "cve": "CVE-2024-25027", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.5, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2024-25027", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2024-25027", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2024-25027", "trust": 1.0, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003065" }, { "db": "NVD", "id": "CVE-2024-25027" }, { "db": "NVD", "id": "CVE-2024-25027" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607", "sources": [ { "db": "NVD", "id": "CVE-2024-25027" }, { "db": "JVNDB", "id": "JVNDB-2024-003065" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-25027", "trust": 2.6 }, { "db": "JVNDB", "id": "JVNDB-2024-003065", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003065" }, { "db": "NVD", "id": "CVE-2024-25027" } ] }, "id": "VAR-202403-3007", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2024-04-18T13:29:42.346000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "7145400 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/7145400" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003065" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-311", "trust": 1.0 }, { "problemtype": "Lack of encryption of critical data (CWE-311) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003065" }, { "db": "NVD", "id": "CVE-2024-25027" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281607" }, { "trust": 1.0, "url": "https://www.ibm.com/support/pages/node/7145400" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-25027" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003065" }, { "db": "NVD", "id": "CVE-2024-25027" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2024-003065" }, { "db": "NVD", "id": "CVE-2024-25027" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-04-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-003065" }, { "date": "2024-03-31T12:15:50.637000", "db": "NVD", "id": "CVE-2024-25027" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-04-04T00:38:00", "db": "JVNDB", "id": "JVNDB-2024-003065" }, { "date": "2024-04-02T17:57:34.440000", "db": "NVD", "id": "CVE-2024-25027" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0 of \u00a0Security\u00a0Verify\u00a0Access\u00a0 Vulnerability regarding lack of encryption of critical data in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003065" } ], "trust": 0.8 } }
var-202107-0294
Vulnerability from variot
IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972. Vendor is responsible for this vulnerability IBM X-Force ID: 197972 Is published as.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0294", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009658" }, { "db": "NVD", "id": "CVE-2021-20498" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-20498" } ] }, "cve": "CVE-2021-20498", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-20498", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2021-20498", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-20498", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-20498", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-957", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-20498", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20498" }, { "db": "JVNDB", "id": "JVNDB-2021-009658" }, { "db": "NVD", "id": "CVE-2021-20498" }, { "db": "NVD", "id": "CVE-2021-20498" }, { "db": "CNNVD", "id": "CNNVD-202107-957" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972. Vendor is responsible for this vulnerability IBM X-Force ID: 197972 Is published as.Information may be obtained", "sources": [ { "db": "NVD", "id": "CVE-2021-20498" }, { "db": "JVNDB", "id": "JVNDB-2021-009658" }, { "db": "CNNVD", "id": "CNNVD-202107-957" }, { "db": "VULMON", "id": "CVE-2021-20498" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-20498", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-009658", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202107-957", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-20498", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20498" }, { "db": "JVNDB", "id": "JVNDB-2021-009658" }, { "db": "NVD", "id": "CVE-2021-20498" }, { "db": "CNNVD", "id": "CNNVD-202107-957" } ] }, "id": "VAR-202107-0294", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T14:00:08.222000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6471895 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "title": "IBM Security Access Manager Repair measures for log information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156646" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009658" }, { "db": "CNNVD", "id": "CNNVD-202107-957" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.0 }, { "problemtype": "information leak (CWE-200) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009658" }, { "db": "NVD", "id": "CVE-2021-20498" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197972" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20498" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/200.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20498" }, { "db": "JVNDB", "id": "JVNDB-2021-009658" }, { "db": "NVD", "id": "CVE-2021-20498" }, { "db": "CNNVD", "id": "CNNVD-202107-957" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-20498" }, { "db": "JVNDB", "id": "JVNDB-2021-009658" }, { "db": "NVD", "id": "CVE-2021-20498" }, { "db": "CNNVD", "id": "CNNVD-202107-957" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-15T00:00:00", "db": "VULMON", "id": "CVE-2021-20498" }, { "date": "2022-05-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009658" }, { "date": "2021-07-15T18:15:08.770000", "db": "NVD", "id": "CVE-2021-20498" }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-957" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-21T00:00:00", "db": "VULMON", "id": "CVE-2021-20498" }, { "date": "2022-05-17T02:23:00", "db": "JVNDB", "id": "JVNDB-2021-009658" }, { "date": "2022-07-28T17:04:43.340000", "db": "NVD", "id": "CVE-2021-20498" }, { "date": "2022-04-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-957" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-957" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Information Disclosure Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009658" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-957" } ], "trust": 0.6 } }
var-202201-0293
Vulnerability from variot
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515. Vendor exploits this vulnerability IBM X-Force ID: 209515 It is published as.Information may be obtained. IBM Security Verify Access (ISAM) is a service provided by IBM in the United States to improve user access security
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0293", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.2.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.1.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017525" }, { "db": "NVD", "id": "CVE-2021-38894" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-38894" } ] }, "cve": "CVE-2021-38894", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-38894", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.2, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.2, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.7, "baseSeverity": "Low", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2021-38894", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-38894", "trust": 1.8, "value": "LOW" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-38894", "trust": 1.0, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202201-563", "trust": 0.6, "value": "LOW" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017525" }, { "db": "NVD", "id": "CVE-2021-38894" }, { "db": "NVD", "id": "CVE-2021-38894" }, { "db": "CNNVD", "id": "CNNVD-202201-563" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515. Vendor exploits this vulnerability IBM X-Force ID: 209515 It is published as.Information may be obtained. IBM Security Verify Access (ISAM) is a service provided by IBM in the United States to improve user access security", "sources": [ { "db": "NVD", "id": "CVE-2021-38894" }, { "db": "JVNDB", "id": "JVNDB-2021-017525" }, { "db": "CNNVD", "id": "CNNVD-202201-563" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-38894", "trust": 3.2 }, { "db": "JVNDB", "id": "JVNDB-2021-017525", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2022011038", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202201-563", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017525" }, { "db": "NVD", "id": "CVE-2021-38894" }, { "db": "CNNVD", "id": "CNNVD-202201-563" } ] }, "id": "VAR-202201-0293", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T10:55:42.733000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6538418 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6538418" }, { "title": "IBM Security Verify Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=178040" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017525" }, { "db": "CNNVD", "id": "CNNVD-202201-563" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-209", "trust": 1.0 }, { "problemtype": "Information leakage due to error message (CWE-209) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017525" }, { "db": "NVD", "id": "CVE-2021-38894" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209515" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/6538418" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38894" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011038" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017525" }, { "db": "NVD", "id": "CVE-2021-38894" }, { "db": "CNNVD", "id": "CNNVD-202201-563" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2021-017525" }, { "db": "NVD", "id": "CVE-2021-38894" }, { "db": "CNNVD", "id": "CNNVD-202201-563" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-017525" }, { "date": "2022-01-10T14:10:20.410000", "db": "NVD", "id": "CVE-2021-38894" }, { "date": "2022-01-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-563" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-24T06:24:00", "db": "JVNDB", "id": "JVNDB-2021-017525" }, { "date": "2022-01-13T20:14:23.457000", "db": "NVD", "id": "CVE-2021-38894" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-563" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-563" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0 Vulnerability regarding information leakage due to error messages in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017525" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-563" } ], "trust": 0.6 } }
var-202107-0684
Vulnerability from variot
IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483. Vendor exploits this vulnerability IBM X-Force ID: 201483 Is published as.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0684", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009578" }, { "db": "NVD", "id": "CVE-2021-29742" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-29742" } ] }, "cve": "CVE-2021-29742", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.2, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 5.1, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Adjacent Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.2, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-29742", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.1, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Adjacent Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.0, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-29742", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-29742", "trust": 1.8, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-29742", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-934", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-29742", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-29742" }, { "db": "JVNDB", "id": "JVNDB-2021-009578" }, { "db": "NVD", "id": "CVE-2021-29742" }, { "db": "NVD", "id": "CVE-2021-29742" }, { "db": "CNNVD", "id": "CNNVD-202107-934" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483. Vendor exploits this vulnerability IBM X-Force ID: 201483 Is published as.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", "sources": [ { "db": "NVD", "id": "CVE-2021-29742" }, { "db": "JVNDB", "id": "JVNDB-2021-009578" }, { "db": "VULMON", "id": "CVE-2021-29742" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-29742", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-009578", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202107-934", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-29742", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-29742" }, { "db": "JVNDB", "id": "JVNDB-2021-009578" }, { "db": "NVD", "id": "CVE-2021-29742" }, { "db": "CNNVD", "id": "CNNVD-202107-934" } ] }, "id": "VAR-202107-0684", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T13:37:24.026000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6471895 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "title": "IBM Security Access Manager Appliance Fixes for permissions and access control issues vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156627" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009578" }, { "db": "CNNVD", "id": "CNNVD-202107-934" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009578" }, { "db": "NVD", "id": "CVE-2021-29742" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201483" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29742" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-29742" }, { "db": "JVNDB", "id": "JVNDB-2021-009578" }, { "db": "NVD", "id": "CVE-2021-29742" }, { "db": "CNNVD", "id": "CNNVD-202107-934" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-29742" }, { "db": "JVNDB", "id": "JVNDB-2021-009578" }, { "db": "NVD", "id": "CVE-2021-29742" }, { "db": "CNNVD", "id": "CNNVD-202107-934" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-15T00:00:00", "db": "VULMON", "id": "CVE-2021-29742" }, { "date": "2022-05-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009578" }, { "date": "2021-07-15T18:15:09.190000", "db": "NVD", "id": "CVE-2021-29742" }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-934" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-20T00:00:00", "db": "VULMON", "id": "CVE-2021-29742" }, { "date": "2022-05-11T04:55:00", "db": "JVNDB", "id": "JVNDB-2021-009578" }, { "date": "2021-09-29T16:12:42.363000", "db": "NVD", "id": "CVE-2021-29742" }, { "date": "2021-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-934" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-934" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009578" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-934" } ], "trust": 0.6 } }
var-202107-0304
Vulnerability from variot
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814. Vendor exploits this vulnerability IBM X-Force ID: 198814 Is published as.Information may be obtained and information may be tampered with
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0304", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009594" }, { "db": "NVD", "id": "CVE-2021-20534" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-20534" } ] }, "cve": "CVE-2021-20534", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.9, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-20534", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 0.9, "impactScore": 2.5, "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 0.9, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 3.5, "baseSeverity": "Low", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2021-20534", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-20534", "trust": 1.8, "value": "LOW" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-20534", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-941", "trust": 0.6, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2021-20534", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20534" }, { "db": "JVNDB", "id": "JVNDB-2021-009594" }, { "db": "NVD", "id": "CVE-2021-20534" }, { "db": "NVD", "id": "CVE-2021-20534" }, { "db": "CNNVD", "id": "CNNVD-202107-941" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814. Vendor exploits this vulnerability IBM X-Force ID: 198814 Is published as.Information may be obtained and information may be tampered with", "sources": [ { "db": "NVD", "id": "CVE-2021-20534" }, { "db": "JVNDB", "id": "JVNDB-2021-009594" }, { "db": "VULMON", "id": "CVE-2021-20534" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-20534", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-009594", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202107-941", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-20534", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20534" }, { "db": "JVNDB", "id": "JVNDB-2021-009594" }, { "db": "NVD", "id": "CVE-2021-20534" }, { "db": "CNNVD", "id": "CNNVD-202107-941" } ] }, "id": "VAR-202107-0304", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T13:51:31.097000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6471895 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "title": "IBM Security Access Manager Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156634" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009594" }, { "db": "CNNVD", "id": "CNNVD-202107-941" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-601", "trust": 1.0 }, { "problemtype": "Open redirect (CWE-601) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009594" }, { "db": "NVD", "id": "CVE-2021-20534" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198814" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20534" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/601.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20534" }, { "db": "JVNDB", "id": "JVNDB-2021-009594" }, { "db": "NVD", "id": "CVE-2021-20534" }, { "db": "CNNVD", "id": "CNNVD-202107-941" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-20534" }, { "db": "JVNDB", "id": "JVNDB-2021-009594" }, { "db": "NVD", "id": "CVE-2021-20534" }, { "db": "CNNVD", "id": "CNNVD-202107-941" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-15T00:00:00", "db": "VULMON", "id": "CVE-2021-20534" }, { "date": "2022-05-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009594" }, { "date": "2021-07-15T18:15:09.073000", "db": "NVD", "id": "CVE-2021-20534" }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-941" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-20T00:00:00", "db": "VULMON", "id": "CVE-2021-20534" }, { "date": "2022-05-11T07:24:00", "db": "JVNDB", "id": "JVNDB-2021-009594" }, { "date": "2021-09-29T16:11:43.950000", "db": "NVD", "id": "CVE-2021-20534" }, { "date": "2021-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-941" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-941" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Open redirect vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009594" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-941" } ], "trust": 0.6 } }
var-202402-0122
Vulnerability from variot
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to a denial of service attacks on the DSC server. IBM X-Force ID: 254776
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202402-0122", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access docker", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access docker", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "10.0.6.1" }, { "model": "security verify access", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "10.0.6.1" }, { "model": "security verify access docker", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.0.0.0 to 10.0.6.1" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.0.0.0 to 10.0.6.1" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "docker 10.0.0.0 to 10.0.6.1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025842" }, { "db": "NVD", "id": "CVE-2023-31006" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.0.6.1", "versionStartIncluding": "10.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access_docker:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.0.6.1", "versionStartIncluding": "10.0.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-31006" } ] }, "cve": "CVE-2023-31006", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2023-31006", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-31006", "trust": 1.8, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2023-31006", "trust": 1.0, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025842" }, { "db": "NVD", "id": "CVE-2023-31006" }, { "db": "NVD", "id": "CVE-2023-31006" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to a denial of service attacks on the DSC server. IBM X-Force ID: 254776", "sources": [ { "db": "NVD", "id": "CVE-2023-31006" }, { "db": "JVNDB", "id": "JVNDB-2023-025842" }, { "db": "VULMON", "id": "CVE-2023-31006" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-31006", "trust": 2.7 }, { "db": "JVNDB", "id": "JVNDB-2023-025842", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2023-31006", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-31006" }, { "db": "JVNDB", "id": "JVNDB-2023-025842" }, { "db": "NVD", "id": "CVE-2023-31006" } ] }, "id": "VAR-202402-0122", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.609333685 }, "last_update_date": "2024-02-10T23:09:20.840000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "7106586 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/7106586" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025842" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025842" }, { "db": "NVD", "id": "CVE-2023-31006" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": "https://www.ibm.com/support/pages/node/7106586" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254776" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-31006" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/400.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-31006" }, { "db": "JVNDB", "id": "JVNDB-2023-025842" }, { "db": "NVD", "id": "CVE-2023-31006" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-31006" }, { "db": "JVNDB", "id": "JVNDB-2023-025842" }, { "db": "NVD", "id": "CVE-2023-31006" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-03T00:00:00", "db": "VULMON", "id": "CVE-2023-31006" }, { "date": "2024-02-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-025842" }, { "date": "2024-02-03T01:15:08.467000", "db": "NVD", "id": "CVE-2023-31006" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-05T00:00:00", "db": "VULMON", "id": "CVE-2023-31006" }, { "date": "2024-02-09T02:09:00", "db": "JVNDB", "id": "JVNDB-2023-025842" }, { "date": "2024-02-07T16:39:47.010000", "db": "NVD", "id": "CVE-2023-31006" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0 of \u00a0Security\u00a0Verify\u00a0Access\u00a0 and \u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025842" } ], "trust": 0.8 } }
var-202201-0359
Vulnerability from variot
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038. Vendor exploits this vulnerability IBM X-Force ID: 212038 It is published as.Information may be obtained. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication IBM Security Verify has an information disclosure vulnerability that stems from the possible disclosure of sensitive version information in HTTP response headers, which could facilitate further attacks on the system
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0359", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.2.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.1.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017523" }, { "db": "NVD", "id": "CVE-2021-38956" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-38956" } ] }, "cve": "CVE-2021-38956", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-38956", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2021-38956", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-38956", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-38956", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202201-559", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017523" }, { "db": "NVD", "id": "CVE-2021-38956" }, { "db": "NVD", "id": "CVE-2021-38956" }, { "db": "CNNVD", "id": "CNNVD-202201-559" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038. Vendor exploits this vulnerability IBM X-Force ID: 212038 It is published as.Information may be obtained. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication\nIBM Security Verify has an information disclosure vulnerability that stems from the possible disclosure of sensitive version information in HTTP response headers, which could facilitate further attacks on the system", "sources": [ { "db": "NVD", "id": "CVE-2021-38956" }, { "db": "JVNDB", "id": "JVNDB-2021-017523" }, { "db": "CNNVD", "id": "CNNVD-202201-559" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-38956", "trust": 3.2 }, { "db": "JVNDB", "id": "JVNDB-2021-017523", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2022011038", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202201-559", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017523" }, { "db": "NVD", "id": "CVE-2021-38956" }, { "db": "CNNVD", "id": "CNNVD-202201-559" } ] }, "id": "VAR-202201-0359", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T10:52:14.086000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6538418 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6538418" }, { "title": "IBM Security Verify Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=177311" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017523" }, { "db": "CNNVD", "id": "CNNVD-202201-559" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.0 }, { "problemtype": "information leak (CWE-200) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017523" }, { "db": "NVD", "id": "CVE-2021-38956" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212038" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/6538418" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38956" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011038" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017523" }, { "db": "NVD", "id": "CVE-2021-38956" }, { "db": "CNNVD", "id": "CNNVD-202201-559" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2021-017523" }, { "db": "NVD", "id": "CVE-2021-38956" }, { "db": "CNNVD", "id": "CNNVD-202201-559" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-017523" }, { "date": "2022-01-10T14:10:20.593000", "db": "NVD", "id": "CVE-2021-38956" }, { "date": "2022-01-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-559" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-24T06:14:00", "db": "JVNDB", "id": "JVNDB-2021-017523" }, { "date": "2022-01-13T20:34:22.247000", "db": "NVD", "id": "CVE-2021-38956" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-559" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-559" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0 Vulnerability regarding information leakage in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-017523" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-559" } ], "trust": 0.6 } }
var-202402-0187
Vulnerability from variot
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202402-0187", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access docker", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access docker", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "10.0.6.1" }, { "model": "security verify access", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "10.0.6.1" }, { "model": "security verify access docker", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.0.0.0 to 10.0.6.1" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.0.0.0 to 10.0.6.1" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "docker 10.0.0.0 to 10.0.6.1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-002252" }, { "db": "NVD", "id": "CVE-2023-32327" } ] }, "cve": "CVE-2023-32327", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 4.2, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 7.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-32327", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-32327", "trust": 1.8, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2023-32327", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-002252" }, { "db": "NVD", "id": "CVE-2023-32327" }, { "db": "NVD", "id": "CVE-2023-32327" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783", "sources": [ { "db": "NVD", "id": "CVE-2023-32327" }, { "db": "JVNDB", "id": "JVNDB-2024-002252" }, { "db": "VULMON", "id": "CVE-2023-32327" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-32327", "trust": 2.7 }, { "db": "JVNDB", "id": "JVNDB-2024-002252", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2023-32327", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-32327" }, { "db": "JVNDB", "id": "JVNDB-2024-002252" }, { "db": "NVD", "id": "CVE-2023-32327" } ] }, "id": "VAR-202402-0187", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.609333685 }, "last_update_date": "2024-02-10T23:16:03.025000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "7106586 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/7106586" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-002252" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-611", "trust": 1.0 }, { "problemtype": "XML Improper restriction of external entity references (CWE-611) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-002252" }, { "db": "NVD", "id": "CVE-2023-32327" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": "https://www.ibm.com/support/pages/node/7106586" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254783" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32327" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/611.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-32327" }, { "db": "JVNDB", "id": "JVNDB-2024-002252" }, { "db": "NVD", "id": "CVE-2023-32327" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-32327" }, { "db": "JVNDB", "id": "JVNDB-2024-002252" }, { "db": "NVD", "id": "CVE-2023-32327" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-03T00:00:00", "db": "VULMON", "id": "CVE-2023-32327" }, { "date": "2024-02-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-002252" }, { "date": "2024-02-03T01:15:08.653000", "db": "NVD", "id": "CVE-2023-32327" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-05T00:00:00", "db": "VULMON", "id": "CVE-2023-32327" }, { "date": "2024-02-09T02:06:00", "db": "JVNDB", "id": "JVNDB-2024-002252" }, { "date": "2024-02-07T16:16:58.450000", "db": "NVD", "id": "CVE-2023-32327" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0 of \u00a0Security\u00a0Verify\u00a0Access\u00a0 and \u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 In \u00a0XML\u00a0 External entity vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-002252" } ], "trust": 0.8 } }
var-202402-0149
Vulnerability from variot
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force ID: 254972
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202402-0149", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access docker", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "10.0.6.1" }, { "model": "security verify access", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access docker", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "10.0.6.1" }, { "model": "security verify access docker", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.0.0.0 to 10.0.6.1" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.0.0.0 to 10.0.6.1" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "docker 10.0.0.0 to 10.0.6.1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025839" }, { "db": "NVD", "id": "CVE-2023-32329" } ] }, "cve": "CVE-2023-32329", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.5, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2023-32329", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-32329", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2023-32329", "trust": 1.0, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025839" }, { "db": "NVD", "id": "CVE-2023-32329" }, { "db": "NVD", "id": "CVE-2023-32329" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force ID: 254972", "sources": [ { "db": "NVD", "id": "CVE-2023-32329" }, { "db": "JVNDB", "id": "JVNDB-2023-025839" }, { "db": "VULMON", "id": "CVE-2023-32329" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-32329", "trust": 2.7 }, { "db": "JVNDB", "id": "JVNDB-2023-025839", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2023-32329", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-32329" }, { "db": "JVNDB", "id": "JVNDB-2023-025839" }, { "db": "NVD", "id": "CVE-2023-32329" } ] }, "id": "VAR-202402-0149", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.609333685 }, "last_update_date": "2024-02-10T23:16:31.636000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "7106586 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/7106586" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025839" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-345", "trust": 1.0 }, { "problemtype": "Inadequate verification of data reliability (CWE-345) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025839" }, { "db": "NVD", "id": "CVE-2023-32329" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": "https://www.ibm.com/support/pages/node/7106586" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254972" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32329" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/345.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-32329" }, { "db": "JVNDB", "id": "JVNDB-2023-025839" }, { "db": "NVD", "id": "CVE-2023-32329" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-32329" }, { "db": "JVNDB", "id": "JVNDB-2023-025839" }, { "db": "NVD", "id": "CVE-2023-32329" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-03T00:00:00", "db": "VULMON", "id": "CVE-2023-32329" }, { "date": "2024-02-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-025839" }, { "date": "2024-02-03T01:15:08.847000", "db": "NVD", "id": "CVE-2023-32329" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-05T00:00:00", "db": "VULMON", "id": "CVE-2023-32329" }, { "date": "2024-02-09T01:21:00", "db": "JVNDB", "id": "JVNDB-2023-025839" }, { "date": "2024-02-07T14:58:45.913000", "db": "NVD", "id": "CVE-2023-32329" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0 of \u00a0Security\u00a0Verify\u00a0Access\u00a0 and \u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Inadequate validation of data reliability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025839" } ], "trust": 0.8 } }
var-202107-0677
Vulnerability from variot
IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600. Vendor exploits this vulnerability IBM X-Force ID: 200600 Is published as.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0677", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009577" }, { "db": "NVD", "id": "CVE-2021-29699" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-29699" } ] }, "cve": "CVE-2021-29699", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-29699", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.7, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.8, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-29699", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-29699", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-29699", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-958", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-29699", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-29699" }, { "db": "JVNDB", "id": "JVNDB-2021-009577" }, { "db": "NVD", "id": "CVE-2021-29699" }, { "db": "NVD", "id": "CVE-2021-29699" }, { "db": "CNNVD", "id": "CNNVD-202107-958" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600. Vendor exploits this vulnerability IBM X-Force ID: 200600 Is published as.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", "sources": [ { "db": "NVD", "id": "CVE-2021-29699" }, { "db": "JVNDB", "id": "JVNDB-2021-009577" }, { "db": "VULMON", "id": "CVE-2021-29699" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-29699", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-009577", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202107-958", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-29699", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-29699" }, { "db": "JVNDB", "id": "JVNDB-2021-009577" }, { "db": "NVD", "id": "CVE-2021-29699" }, { "db": "CNNVD", "id": "CNNVD-202107-958" } ] }, "id": "VAR-202107-0677", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T13:12:27.144000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6471895 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "title": "IBM Security Access Manager Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156647" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009577" }, { "db": "CNNVD", "id": "CNNVD-202107-958" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-434", "trust": 1.0 }, { "problemtype": "Unlimited upload of dangerous types of files (CWE-434) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009577" }, { "db": "NVD", "id": "CVE-2021-29699" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200600" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29699" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/434.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-29699" }, { "db": "JVNDB", "id": "JVNDB-2021-009577" }, { "db": "NVD", "id": "CVE-2021-29699" }, { "db": "CNNVD", "id": "CNNVD-202107-958" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-29699" }, { "db": "JVNDB", "id": "JVNDB-2021-009577" }, { "db": "NVD", "id": "CVE-2021-29699" }, { "db": "CNNVD", "id": "CNNVD-202107-958" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-15T00:00:00", "db": "VULMON", "id": "CVE-2021-29699" }, { "date": "2022-05-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009577" }, { "date": "2021-07-15T18:15:09.153000", "db": "NVD", "id": "CVE-2021-29699" }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-958" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-20T00:00:00", "db": "VULMON", "id": "CVE-2021-29699" }, { "date": "2022-05-11T04:55:00", "db": "JVNDB", "id": "JVNDB-2021-009577" }, { "date": "2021-09-29T16:12:09.137000", "db": "NVD", "id": "CVE-2021-29699" }, { "date": "2021-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-958" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-958" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Unlimited Upload Vulnerability in File Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009577" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-958" } ], "trust": 0.6 } }
var-202202-1031
Vulnerability from variot
IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353. Vendor exploits this vulnerability IBM X-Force ID: 215353 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-1031", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access docker", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "10.0.2.0" }, { "model": "security verify access docker", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "10.0.1.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "10.0.1.0" }, { "model": "security verify access docker", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "10.0.2.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "security verify access docker", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018290" }, { "db": "NVD", "id": "CVE-2021-39070" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-39070" } ] }, "cve": "CVE-2021-39070", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-39070", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-39070", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-39070", "trust": 1.8, "value": "CRITICAL" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-39070", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202202-135", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018290" }, { "db": "NVD", "id": "CVE-2021-39070" }, { "db": "NVD", "id": "CVE-2021-39070" }, { "db": "CNNVD", "id": "CNNVD-202202-135" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353. Vendor exploits this vulnerability IBM X-Force ID: 215353 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2021-39070" }, { "db": "JVNDB", "id": "JVNDB-2021-018290" }, { "db": "CNNVD", "id": "CNNVD-202202-135" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-39070", "trust": 3.2 }, { "db": "JVNDB", "id": "JVNDB-2021-018290", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202202-135", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018290" }, { "db": "NVD", "id": "CVE-2021-39070" }, { "db": "CNNVD", "id": "CNNVD-202202-135" } ] }, "id": "VAR-202202-1031", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.609333685 }, "last_update_date": "2023-12-18T13:51:14.193000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6552318 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6552318" }, { "title": "IBM Security Verify Access Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=180228" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018290" }, { "db": "CNNVD", "id": "CNNVD-202202-135" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018290" }, { "db": "NVD", "id": "CVE-2021-39070" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215353" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/node/6552318" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39070" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018290" }, { "db": "NVD", "id": "CVE-2021-39070" }, { "db": "CNNVD", "id": "CNNVD-202202-135" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2021-018290" }, { "db": "NVD", "id": "CVE-2021-39070" }, { "db": "CNNVD", "id": "CNNVD-202202-135" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-018290" }, { "date": "2022-02-02T12:15:08.140000", "db": "NVD", "id": "CVE-2021-39070" }, { "date": "2022-02-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-135" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-08T06:23:00", "db": "JVNDB", "id": "JVNDB-2021-018290" }, { "date": "2022-07-12T17:42:04.277000", "db": "NVD", "id": "CVE-2021-39070" }, { "date": "2022-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-135" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-135" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-018290" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-135" } ], "trust": 0.6 } }
var-202106-1008
Vulnerability from variot
IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges. IBM Security Verify Access Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The service uses risk-based access, single sign-on, integrated access management control, identity federation, and mobile multi-factor authentication to achieve safe and simple access to platforms such as web, mobile, IoT, and cloud technologies
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1008", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 2.4, "vendor": "ibm", "version": "20.07" }, { "model": "security verify access", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-38675" }, { "db": "JVNDB", "id": "JVNDB-2021-007391" }, { "db": "NVD", "id": "CVE-2021-29665" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:20.07:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-29665" } ] }, "cve": "CVE-2021-29665", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-29665", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 4.9, "id": "CNVD-2021-38675", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-29665", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-29665", "trust": 1.8, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-29665", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2021-38675", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202105-1983", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-29665", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-38675" }, { "db": "VULMON", "id": "CVE-2021-29665" }, { "db": "JVNDB", "id": "JVNDB-2021-007391" }, { "db": "NVD", "id": "CVE-2021-29665" }, { "db": "NVD", "id": "CVE-2021-29665" }, { "db": "CNNVD", "id": "CNNVD-202105-1983" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges. IBM Security Verify Access Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The service uses risk-based access, single sign-on, integrated access management control, identity federation, and mobile multi-factor authentication to achieve safe and simple access to platforms such as web, mobile, IoT, and cloud technologies", "sources": [ { "db": "NVD", "id": "CVE-2021-29665" }, { "db": "JVNDB", "id": "JVNDB-2021-007391" }, { "db": "CNVD", "id": "CNVD-2021-38675" }, { "db": "VULMON", "id": "CVE-2021-29665" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-29665", "trust": 3.9 }, { "db": "JVNDB", "id": "JVNDB-2021-007391", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-38675", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202105-1983", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-29665", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-38675" }, { "db": "VULMON", "id": "CVE-2021-29665" }, { "db": "JVNDB", "id": "JVNDB-2021-007391" }, { "db": "NVD", "id": "CVE-2021-29665" }, { "db": "CNNVD", "id": "CNNVD-202105-1983" } ] }, "id": "VAR-202106-1008", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-38675" } ], "trust": 0.81866737 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-38675" } ] }, "last_update_date": "2023-12-18T12:49:11.442000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6457315 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6457315" }, { "title": "Patch for IBM Security Verify Access buffer overflow vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/269306" }, { "title": "IBM Application Gateway Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=153069" }, { "title": "IBM: Security Bulletin: Multiple Security Vulnerabilities have been resolved in IBM Application Gateway (CVE-2021-20576, CVE-2021-20575, CVE-2021-29665)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=88a378c781f076de4893a6cb4e89d3c9" }, { "title": "CVE-2021-29665", "trust": 0.1, "url": "https://github.com/jamesgeeee/cve-2021-29665 " } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-38675" }, { "db": "VULMON", "id": "CVE-2021-29665" }, { "db": "JVNDB", "id": "JVNDB-2021-007391" }, { "db": "CNNVD", "id": "CNNVD-202105-1983" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-007391" }, { "db": "NVD", "id": "CVE-2021-29665" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199399" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6457315" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29665" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-resolved-in-ibm-application-gateway-cve-2021-20576-cve-2021-20575-cve-2021-29665/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://github.com/jamesgeeee/cve-2021-29665" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-38675" }, { "db": "VULMON", "id": "CVE-2021-29665" }, { "db": "JVNDB", "id": "JVNDB-2021-007391" }, { "db": "NVD", "id": "CVE-2021-29665" }, { "db": "CNNVD", "id": "CNNVD-202105-1983" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-38675" }, { "db": "VULMON", "id": "CVE-2021-29665" }, { "db": "JVNDB", "id": "JVNDB-2021-007391" }, { "db": "NVD", "id": "CVE-2021-29665" }, { "db": "CNNVD", "id": "CNNVD-202105-1983" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-02T00:00:00", "db": "CNVD", "id": "CNVD-2021-38675" }, { "date": "2021-06-01T00:00:00", "db": "VULMON", "id": "CVE-2021-29665" }, { "date": "2022-02-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-007391" }, { "date": "2021-06-01T14:15:09.843000", "db": "NVD", "id": "CVE-2021-29665" }, { "date": "2021-05-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-1983" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-02T00:00:00", "db": "CNVD", "id": "CNVD-2021-38675" }, { "date": "2021-06-07T00:00:00", "db": "VULMON", "id": "CVE-2021-29665" }, { "date": "2022-02-09T09:07:00", "db": "JVNDB", "id": "JVNDB-2021-007391" }, { "date": "2021-06-07T19:37:46.050000", "db": "NVD", "id": "CVE-2021-29665" }, { "date": "2021-06-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-1983" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-1983" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0 Out-of-bounds Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-007391" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-1983" } ], "trust": 0.6 } }
var-202107-0303
Vulnerability from variot
IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813. IBM Security Verify Access Docker There is an unspecified vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 198813 Is published as.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The product implements access management control through integrated devices for Web, mobile and cloud computing
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0303", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "security verify access docker", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "10.0.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-51478" }, { "db": "JVNDB", "id": "JVNDB-2021-009593" }, { "db": "NVD", "id": "CVE-2021-20533" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-20533" } ] }, "cve": "CVE-2021-20533", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-20533", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.5, "id": "CNVD-2021-51478", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.7, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.2, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-20533", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-20533", "trust": 1.8, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-20533", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-51478", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-921", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-20533", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-51478" }, { "db": "VULMON", "id": "CVE-2021-20533" }, { "db": "JVNDB", "id": "JVNDB-2021-009593" }, { "db": "NVD", "id": "CVE-2021-20533" }, { "db": "NVD", "id": "CVE-2021-20533" }, { "db": "CNNVD", "id": "CNNVD-202107-921" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813. IBM Security Verify Access Docker There is an unspecified vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 198813 Is published as.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The product implements access management control through integrated devices for Web, mobile and cloud computing", "sources": [ { "db": "NVD", "id": "CVE-2021-20533" }, { "db": "JVNDB", "id": "JVNDB-2021-009593" }, { "db": "CNVD", "id": "CNVD-2021-51478" }, { "db": "VULMON", "id": "CVE-2021-20533" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-20533", "trust": 3.9 }, { "db": "JVNDB", "id": "JVNDB-2021-009593", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-51478", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-921", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-20533", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-51478" }, { "db": "VULMON", "id": "CVE-2021-20533" }, { "db": "JVNDB", "id": "JVNDB-2021-009593" }, { "db": "NVD", "id": "CVE-2021-20533" }, { "db": "CNNVD", "id": "CNNVD-202107-921" } ] }, "id": "VAR-202107-0303", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-51478" } ], "trust": 1.2093336849999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-51478" } ] }, "last_update_date": "2023-12-18T13:07:08.872000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6471895 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "title": "Patch for IBM Security Access Manager command injection vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/279471" }, { "title": "IBM Security Access Manager Fixes for command injection vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156614" }, { "title": "CVE-2021-20533", "trust": 0.1, "url": "https://github.com/aipocai/cve-2021-20533 " } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-51478" }, { "db": "VULMON", "id": "CVE-2021-20533" }, { "db": "JVNDB", "id": "JVNDB-2021-009593" }, { "db": "CNNVD", "id": "CNNVD-202107-921" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009593" }, { "db": "NVD", "id": "CVE-2021-20533" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198813" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20533" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://github.com/aipocai/cve-2021-20533" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-51478" }, { "db": "VULMON", "id": "CVE-2021-20533" }, { "db": "JVNDB", "id": "JVNDB-2021-009593" }, { "db": "NVD", "id": "CVE-2021-20533" }, { "db": "CNNVD", "id": "CNNVD-202107-921" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-51478" }, { "db": "VULMON", "id": "CVE-2021-20533" }, { "db": "JVNDB", "id": "JVNDB-2021-009593" }, { "db": "NVD", "id": "CVE-2021-20533" }, { "db": "CNNVD", "id": "CNNVD-202107-921" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-17T00:00:00", "db": "CNVD", "id": "CNVD-2021-51478" }, { "date": "2021-07-15T00:00:00", "db": "VULMON", "id": "CVE-2021-20533" }, { "date": "2022-05-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009593" }, { "date": "2021-07-15T18:15:09.037000", "db": "NVD", "id": "CVE-2021-20533" }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-921" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-17T00:00:00", "db": "CNVD", "id": "CNVD-2021-51478" }, { "date": "2021-09-29T00:00:00", "db": "VULMON", "id": "CVE-2021-20533" }, { "date": "2022-05-11T07:24:00", "db": "JVNDB", "id": "JVNDB-2021-009593" }, { "date": "2021-09-29T16:11:28.183000", "db": "NVD", "id": "CVE-2021-20533" }, { "date": "2021-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-921" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-921" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Access Manager command injection vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2021-51478" }, { "db": "CNNVD", "id": "CNNVD-202107-921" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "command injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-921" } ], "trust": 0.6 } }
var-202402-1514
Vulnerability from variot
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957. IBM of Security Verify Access Contains a vulnerability in the transmission of important information in clear text.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202402-1514", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "10.0.6.1" }, { "model": "security verify access", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.0.0.0 to 10.0.6.1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025922" }, { "db": "NVD", "id": "CVE-2023-32328" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.0.6.1", "versionStartIncluding": "10.0.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-32328" } ] }, "cve": "CVE-2023-32328", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-32328", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-32328", "trust": 1.8, "value": "CRITICAL" }, { "author": "psirt@us.ibm.com", "id": "CVE-2023-32328", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025922" }, { "db": "NVD", "id": "CVE-2023-32328" }, { "db": "NVD", "id": "CVE-2023-32328" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957. IBM of Security Verify Access Contains a vulnerability in the transmission of important information in clear text.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-32328" }, { "db": "JVNDB", "id": "JVNDB-2023-025922" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-32328", "trust": 2.6 }, { "db": "JVNDB", "id": "JVNDB-2023-025922", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025922" }, { "db": "NVD", "id": "CVE-2023-32328" } ] }, "id": "VAR-202402-1514", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2024-02-16T22:33:21.305000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "7106586 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/7106586" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025922" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-319", "trust": 1.0 }, { "problemtype": "Sending important information in clear text (CWE-319) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025922" }, { "db": "NVD", "id": "CVE-2023-32328" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254657" }, { "trust": 1.0, "url": "https://www.ibm.com/support/pages/node/7106586" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32328" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025922" }, { "db": "NVD", "id": "CVE-2023-32328" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2023-025922" }, { "db": "NVD", "id": "CVE-2023-32328" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-025922" }, { "date": "2024-02-07T17:15:08.627000", "db": "NVD", "id": "CVE-2023-32328" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-14T02:56:00", "db": "JVNDB", "id": "JVNDB-2023-025922" }, { "date": "2024-02-10T04:03:48.223000", "db": "NVD", "id": "CVE-2023-32328" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0 of \u00a0Security\u00a0Verify\u00a0Access\u00a0 Vulnerability in plaintext transmission of important information in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025922" } ], "trust": 0.8 } }
var-202107-0285
Vulnerability from variot
IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0285", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0" }, { "model": "security access manager", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "9.0" }, { "model": "security access manager", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-010100" }, { "db": "NVD", "id": "CVE-2021-20439" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_access_manager:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-20439" } ] }, "cve": "CVE-2021-20439", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-20439", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-20439", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-20439", "trust": 1.8, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-20439", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-976", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-20439", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20439" }, { "db": "JVNDB", "id": "JVNDB-2021-010100" }, { "db": "NVD", "id": "CVE-2021-20439" }, { "db": "NVD", "id": "CVE-2021-20439" }, { "db": "CNNVD", "id": "CNNVD-202107-976" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user", "sources": [ { "db": "NVD", "id": "CVE-2021-20439" }, { "db": "JVNDB", "id": "JVNDB-2021-010100" }, { "db": "VULMON", "id": "CVE-2021-20439" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-20439", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-010100", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202107-976", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-20439", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20439" }, { "db": "JVNDB", "id": "JVNDB-2021-010100" }, { "db": "NVD", "id": "CVE-2021-20439" }, { "db": "CNNVD", "id": "CNNVD-202107-976" } ] }, "id": "VAR-202107-0285", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T14:04:19.718000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6471903 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6471903" }, { "title": "IBM Security Access Manager Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156663" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-010100" }, { "db": "CNNVD", "id": "CNNVD-202107-976" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-522", "trust": 1.0 }, { "problemtype": "Inadequate protection of credentials (CWE-522) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-010100" }, { "db": "NVD", "id": "CVE-2021-20439" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196453" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6471903" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20439" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-was-fixed-in-ibm-security-access-manager-and-ibm-security-verify-access-docker-containers/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/522.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20439" }, { "db": "JVNDB", "id": "JVNDB-2021-010100" }, { "db": "NVD", "id": "CVE-2021-20439" }, { "db": "CNNVD", "id": "CNNVD-202107-976" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-20439" }, { "db": "JVNDB", "id": "JVNDB-2021-010100" }, { "db": "NVD", "id": "CVE-2021-20439" }, { "db": "CNNVD", "id": "CNNVD-202107-976" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-15T00:00:00", "db": "VULMON", "id": "CVE-2021-20439" }, { "date": "2022-06-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-010100" }, { "date": "2021-07-15T16:15:09.410000", "db": "NVD", "id": "CVE-2021-20439" }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-976" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-31T00:00:00", "db": "VULMON", "id": "CVE-2021-20439" }, { "date": "2022-06-17T06:01:00", "db": "JVNDB", "id": "JVNDB-2021-010100" }, { "date": "2021-07-31T00:55:04.620000", "db": "NVD", "id": "CVE-2021-20439" }, { "date": "2021-08-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-976" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-976" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Access\u00a0Manager\u00a0 and \u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Vulnerability regarding insufficient protection of authentication information in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-010100" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-976" } ], "trust": 0.6 } }
var-202107-0301
Vulnerability from variot
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660. Vendor is responsible for this vulnerability IBM X-Force ID: 198660 Is published as.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0301", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009591" }, { "db": "NVD", "id": "CVE-2021-20523" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-20523" } ] }, "cve": "CVE-2021-20523", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-20523", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.2, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.2, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.7, "baseSeverity": "Low", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2021-20523", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-20523", "trust": 1.8, "value": "LOW" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-20523", "trust": 1.0, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202107-968", "trust": 0.6, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2021-20523", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20523" }, { "db": "JVNDB", "id": "JVNDB-2021-009591" }, { "db": "NVD", "id": "CVE-2021-20523" }, { "db": "NVD", "id": "CVE-2021-20523" }, { "db": "CNNVD", "id": "CNNVD-202107-968" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660. Vendor is responsible for this vulnerability IBM X-Force ID: 198660 Is published as.Information may be obtained", "sources": [ { "db": "NVD", "id": "CVE-2021-20523" }, { "db": "JVNDB", "id": "JVNDB-2021-009591" }, { "db": "VULMON", "id": "CVE-2021-20523" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-20523", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-009591", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202107-968", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-20523", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20523" }, { "db": "JVNDB", "id": "JVNDB-2021-009591" }, { "db": "NVD", "id": "CVE-2021-20523" }, { "db": "CNNVD", "id": "CNNVD-202107-968" } ] }, "id": "VAR-202107-0301", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T12:42:26.070000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6471895 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "title": "IBM Security Access Manager Remedial measures for debugging information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156657" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009591" }, { "db": "CNNVD", "id": "CNNVD-202107-968" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-209", "trust": 1.0 }, { "problemtype": "Information leakage due to error message (CWE-209) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009591" }, { "db": "NVD", "id": "CVE-2021-20523" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198660" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20523" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/209.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20523" }, { "db": "JVNDB", "id": "JVNDB-2021-009591" }, { "db": "NVD", "id": "CVE-2021-20523" }, { "db": "CNNVD", "id": "CNNVD-202107-968" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-20523" }, { "db": "JVNDB", "id": "JVNDB-2021-009591" }, { "db": "NVD", "id": "CVE-2021-20523" }, { "db": "CNNVD", "id": "CNNVD-202107-968" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-15T00:00:00", "db": "VULMON", "id": "CVE-2021-20523" }, { "date": "2022-05-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009591" }, { "date": "2021-07-15T18:15:08.957000", "db": "NVD", "id": "CVE-2021-20523" }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-968" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-20T00:00:00", "db": "VULMON", "id": "CVE-2021-20523" }, { "date": "2022-05-11T07:24:00", "db": "JVNDB", "id": "JVNDB-2021-009591" }, { "date": "2021-09-29T16:11:00.353000", "db": "NVD", "id": "CVE-2021-20523" }, { "date": "2021-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-968" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-968" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Information Leakage Vulnerability in Error Messages", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009591" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "debugging information leaks", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-968" } ], "trust": 0.6 } }
var-202402-0322
Vulnerability from variot
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202402-0322", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access docker", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "10.0.6.1" }, { "model": "security verify access", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access docker", "scope": "lte", "trust": 1.0, "vendor": "ibm", "version": "10.0.6.1" }, { "model": "security verify access docker", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.0.0.0 to 10.0.6.1" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.0.0.0 to 10.0.6.1" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "docker 10.0.0.0 to 10.0.6.1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025838" }, { "db": "NVD", "id": "CVE-2023-43016" } ] }, "cve": "CVE-2023-43016", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 3.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 7.3, "baseSeverity": "High", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2023-43016", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-43016", "trust": 1.8, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2023-43016", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025838" }, { "db": "NVD", "id": "CVE-2023-43016" }, { "db": "NVD", "id": "CVE-2023-43016" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-43016" }, { "db": "JVNDB", "id": "JVNDB-2023-025838" }, { "db": "VULMON", "id": "CVE-2023-43016" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-43016", "trust": 2.7 }, { "db": "JVNDB", "id": "JVNDB-2023-025838", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2023-43016", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-43016" }, { "db": "JVNDB", "id": "JVNDB-2023-025838" }, { "db": "NVD", "id": "CVE-2023-43016" } ] }, "id": "VAR-202402-0322", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.609333685 }, "last_update_date": "2024-02-10T23:18:32.030000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "7106586 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/7106586" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025838" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-521", "trust": 1.0 }, { "problemtype": "Weak password request (CWE-521) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025838" }, { "db": "NVD", "id": "CVE-2023-43016" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": "https://www.ibm.com/support/pages/node/7106586" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266154" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-43016" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-43016" }, { "db": "JVNDB", "id": "JVNDB-2023-025838" }, { "db": "NVD", "id": "CVE-2023-43016" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-43016" }, { "db": "JVNDB", "id": "JVNDB-2023-025838" }, { "db": "NVD", "id": "CVE-2023-43016" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-03T00:00:00", "db": "VULMON", "id": "CVE-2023-43016" }, { "date": "2024-02-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-025838" }, { "date": "2024-02-03T01:15:09.030000", "db": "NVD", "id": "CVE-2023-43016" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-02-05T00:00:00", "db": "VULMON", "id": "CVE-2023-43016" }, { "date": "2024-02-09T01:17:00", "db": "JVNDB", "id": "JVNDB-2023-025838" }, { "date": "2024-02-07T14:43:52.090000", "db": "NVD", "id": "CVE-2023-43016" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0 of \u00a0Security\u00a0Verify\u00a0Access\u00a0 and \u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Vulnerability in requesting weak passwords in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-025838" } ], "trust": 0.8 } }
var-202106-0506
Vulnerability from variot
IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. IBM Security Verify Access Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. IBM Application Gateway is an application gateway of IBM Corporation in the United States. Provides a containerized secure Web reverse proxy, which is designed to be in front of your application and seamlessly add authentication and authorization protection to your application.
An information disclosure vulnerability exists in IBM Application Gateway. The vulnerability stems from the fact that the program allows web pages to be stored locally for other users on the system to read. Attackers may use this vulnerability to obtain sensitive information
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-0506", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "20.07" }, { "model": "application gateway", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "1.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "application gateway", "scope": null, "trust": 0.6, "vendor": "ibm", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-39673" }, { "db": "JVNDB", "id": "JVNDB-2021-001973" }, { "db": "NVD", "id": "CVE-2021-20576" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:application_gateway:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:20.07:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-20576" } ] }, "cve": "CVE-2021-20576", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-20576", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CNVD-2021-39673", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-378252", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-20576", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-20576", "trust": 1.8, "value": "HIGH" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-20576", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-39673", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202105-1991", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-378252", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-39673" }, { "db": "VULHUB", "id": "VHN-378252" }, { "db": "JVNDB", "id": "JVNDB-2021-001973" }, { "db": "NVD", "id": "CVE-2021-20576" }, { "db": "NVD", "id": "CVE-2021-20576" }, { "db": "CNNVD", "id": "CNNVD-202105-1991" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. IBM Security Verify Access Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. IBM Application Gateway is an application gateway of IBM Corporation in the United States. Provides a containerized secure Web reverse proxy, which is designed to be in front of your application and seamlessly add authentication and authorization protection to your application. \n\r\n\r\nAn information disclosure vulnerability exists in IBM Application Gateway. The vulnerability stems from the fact that the program allows web pages to be stored locally for other users on the system to read. Attackers may use this vulnerability to obtain sensitive information", "sources": [ { "db": "NVD", "id": "CVE-2021-20576" }, { "db": "JVNDB", "id": "JVNDB-2021-001973" }, { "db": "CNVD", "id": "CNVD-2021-39673" }, { "db": "VULHUB", "id": "VHN-378252" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-20576", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2021-001973", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202105-1991", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-39673", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-378252", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-39673" }, { "db": "VULHUB", "id": "VHN-378252" }, { "db": "JVNDB", "id": "JVNDB-2021-001973" }, { "db": "NVD", "id": "CVE-2021-20576" }, { "db": "CNNVD", "id": "CNNVD-202105-1991" } ] }, "id": "VAR-202106-0506", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-39673" }, { "db": "VULHUB", "id": "VHN-378252" } ], "trust": 1.13076225 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-39673" } ] }, "last_update_date": "2023-12-18T13:07:10.104000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6457315 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6457315" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001973" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001973" }, { "db": "NVD", "id": "CVE-2021-20576" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6457315" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199280" }, { "trust": 1.2, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-resolved-in-ibm-application-gateway-cve-2021-20576-cve-2021-20575-cve-2021-29665/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20576" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-39673" }, { "db": "VULHUB", "id": "VHN-378252" }, { "db": "JVNDB", "id": "JVNDB-2021-001973" }, { "db": "NVD", "id": "CVE-2021-20576" }, { "db": "CNNVD", "id": "CNNVD-202105-1991" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-39673" }, { "db": "VULHUB", "id": "VHN-378252" }, { "db": "JVNDB", "id": "JVNDB-2021-001973" }, { "db": "NVD", "id": "CVE-2021-20576" }, { "db": "CNNVD", "id": "CNNVD-202105-1991" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-05T00:00:00", "db": "CNVD", "id": "CNVD-2021-39673" }, { "date": "2021-06-01T00:00:00", "db": "VULHUB", "id": "VHN-378252" }, { "date": "2021-07-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001973" }, { "date": "2021-06-01T14:15:08.630000", "db": "NVD", "id": "CVE-2021-20576" }, { "date": "2021-05-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-1991" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-06T00:00:00", "db": "CNVD", "id": "CNVD-2021-39673" }, { "date": "2021-06-04T00:00:00", "db": "VULHUB", "id": "VHN-378252" }, { "date": "2021-07-06T08:12:00", "db": "JVNDB", "id": "JVNDB-2021-001973" }, { "date": "2021-06-04T18:29:45.303000", "db": "NVD", "id": "CVE-2021-20576" }, { "date": "2021-06-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-1991" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-1991" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001973" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-1991" } ], "trust": 0.6 } }
var-202107-0296
Vulnerability from variot
IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980. Vendor exploits this vulnerability IBM X-Force ID: 197980 Is published as.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0296", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009588" }, { "db": "NVD", "id": "CVE-2021-20500" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-20500" } ] }, "cve": "CVE-2021-20500", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-20500", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.4, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-20500", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-20500", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2021-20500", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-909", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-20500", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20500" }, { "db": "JVNDB", "id": "JVNDB-2021-009588" }, { "db": "NVD", "id": "CVE-2021-20500" }, { "db": "NVD", "id": "CVE-2021-20500" }, { "db": "CNNVD", "id": "CNNVD-202107-909" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980. Vendor exploits this vulnerability IBM X-Force ID: 197980 Is published as.Information may be obtained", "sources": [ { "db": "NVD", "id": "CVE-2021-20500" }, { "db": "JVNDB", "id": "JVNDB-2021-009588" }, { "db": "CNNVD", "id": "CNNVD-202107-909" }, { "db": "VULMON", "id": "CVE-2021-20500" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-20500", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-009588", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202107-909", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-20500", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20500" }, { "db": "JVNDB", "id": "JVNDB-2021-009588" }, { "db": "NVD", "id": "CVE-2021-20500" }, { "db": "CNNVD", "id": "CNNVD-202107-909" } ] }, "id": "VAR-202107-0296", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T13:32:35.449000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6471895 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "title": "IBM Security Access Manager Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156602" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009588" }, { "db": "CNNVD", "id": "CNNVD-202107-909" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Leakage of resources to the wrong area (CWE-668) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009588" }, { "db": "NVD", "id": "CVE-2021-20500" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197980" }, { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6471895" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20500" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/668.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-20500" }, { "db": "JVNDB", "id": "JVNDB-2021-009588" }, { "db": "NVD", "id": "CVE-2021-20500" }, { "db": "CNNVD", "id": "CNNVD-202107-909" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-20500" }, { "db": "JVNDB", "id": "JVNDB-2021-009588" }, { "db": "NVD", "id": "CVE-2021-20500" }, { "db": "CNNVD", "id": "CNNVD-202107-909" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-15T00:00:00", "db": "VULMON", "id": "CVE-2021-20500" }, { "date": "2022-05-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009588" }, { "date": "2021-07-15T18:15:08.840000", "db": "NVD", "id": "CVE-2021-20500" }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-909" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-20T00:00:00", "db": "VULMON", "id": "CVE-2021-20500" }, { "date": "2022-05-11T07:24:00", "db": "JVNDB", "id": "JVNDB-2021-009588" }, { "date": "2022-07-12T17:42:04.277000", "db": "NVD", "id": "CVE-2021-20500" }, { "date": "2022-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-909" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-909" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0Docker\u00a0 Vulnerability in Resource Leakage to Wrong Domain", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009588" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-909" } ], "trust": 0.6 } }
var-202207-0328
Vulnerability from variot
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221194. Vendor exploits this vulnerability IBM X-Force ID: 221194 It is published as.Information may be obtained and information may be tampered with. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication A cross-site scripting vulnerability exists in IBM Security Verify Access version 10.0.0 that arises from insufficient sanitization of user-supplied data. A remote user can trick a victim into following a specially crafted link and execute arbitrary HTML and script code on the vulnerable website in the user's browser
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0328", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.1.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.3.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "security verify access", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "10.0.2.0" }, { "model": "security verify access", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015241" }, { "db": "NVD", "id": "CVE-2022-22370" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:security_verify_access:10.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-22370" } ] }, "cve": "CVE-2022-22370", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 3.5, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-22370", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.3, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "psirt@us.ibm.com", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.3, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.4, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2022-22370", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "Low", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-22370", "trust": 1.8, "value": "MEDIUM" }, { "author": "psirt@us.ibm.com", "id": "CVE-2022-22370", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202207-539", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2022-22370", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-22370" }, { "db": "JVNDB", "id": "JVNDB-2022-015241" }, { "db": "NVD", "id": "CVE-2022-22370" }, { "db": "NVD", "id": "CVE-2022-22370" }, { "db": "CNNVD", "id": "CNNVD-202207-539" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221194. Vendor exploits this vulnerability IBM X-Force ID: 221194 It is published as.Information may be obtained and information may be tampered with. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication\nA cross-site scripting vulnerability exists in IBM Security Verify Access version 10.0.0 that arises from insufficient sanitization of user-supplied data. A remote user can trick a victim into following a specially crafted link and execute arbitrary HTML and script code on the vulnerable website in the user\u0027s browser", "sources": [ { "db": "NVD", "id": "CVE-2022-22370" }, { "db": "JVNDB", "id": "JVNDB-2022-015241" }, { "db": "CNNVD", "id": "CNNVD-202207-539" }, { "db": "VULMON", "id": "CVE-2022-22370" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-22370", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2022-015241", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2022070714", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202207-539", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-22370", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-22370" }, { "db": "JVNDB", "id": "JVNDB-2022-015241" }, { "db": "NVD", "id": "CVE-2022-22370" }, { "db": "CNNVD", "id": "CNNVD-202207-539" } ] }, "id": "VAR-202207-0328", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21866737 }, "last_update_date": "2023-12-18T13:55:23.276000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "6601725 IBM\u00a0X-Force\u00a0Exchange", "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/6601725" }, { "title": "IBM Security Verify Access Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=198965" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015241" }, { "db": "CNNVD", "id": "CNNVD-202207-539" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.0 }, { "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015241" }, { "db": "NVD", "id": "CVE-2022-22370" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.ibm.com/support/pages/node/6601725" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221194" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22370" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-22370/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022070714" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/79.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-22370" }, { "db": "JVNDB", "id": "JVNDB-2022-015241" }, { "db": "NVD", "id": "CVE-2022-22370" }, { "db": "CNNVD", "id": "CNNVD-202207-539" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-22370" }, { "db": "JVNDB", "id": "JVNDB-2022-015241" }, { "db": "NVD", "id": "CVE-2022-22370" }, { "db": "CNNVD", "id": "CNNVD-202207-539" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-08T00:00:00", "db": "VULMON", "id": "CVE-2022-22370" }, { "date": "2023-09-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-015241" }, { "date": "2022-07-08T18:15:09.513000", "db": "NVD", "id": "CVE-2022-22370" }, { "date": "2022-07-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-539" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-20T00:00:00", "db": "VULMON", "id": "CVE-2022-22370" }, { "date": "2023-09-26T02:20:00", "db": "JVNDB", "id": "JVNDB-2022-015241" }, { "date": "2022-07-20T17:21:21.043000", "db": "NVD", "id": "CVE-2022-22370" }, { "date": "2022-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-539" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-539" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM\u00a0Security\u00a0Verify\u00a0Access\u00a0 Cross-site scripting vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015241" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-539" } ], "trust": 0.6 } }
cve-2021-38956
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6538418 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/212038 | vdb-entry, x_refsource_XF |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.834Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6538418" }, { "name": "ibm-sv-cve202138956-info-disc (212038)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212038" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.0.0" }, { "status": "affected", "version": "10.0.2.0" }, { "status": "affected", "version": "10.0.1.0" } ] } ], "datePublic": "2022-01-06T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/C:L/I:N/A:N/S:U/UI:N/PR:N/AV:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-07T17:55:24", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6538418" }, { "name": "ibm-sv-cve202138956-info-disc (212038)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212038" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-01-06T00:00:00", "ID": "CVE-2021-38956", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Verify Access", "version": { "version_data": [ { "version_value": "10.0.0" }, { "version_value": "10.0.2.0" }, { "version_value": "10.0.1.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038" } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6538418", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6538418 (Security Verify Access)", "url": "https://www.ibm.com/support/pages/node/6538418" }, { "name": "ibm-sv-cve202138956-info-disc (212038)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212038" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38956", "datePublished": "2022-01-07T17:55:24.652375Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T16:17:38.644Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4661
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6346619 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/186142 | vdb-entry, x_refsource_XF |
▼ | Vendor | Product |
---|---|---|
IBM | Security Access Manager | |
IBM | Security Verify Access |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:49.113Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6346619" }, { "name": "ibm-sam-cve20204661-info-disc (186142)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186142" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Access Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.7" } ] }, { "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.0.0" } ] } ], "datePublic": "2020-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:H/I:N/C:H/UI:N/S:U/PR:N/A:N/AV:A/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T13:05:35", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6346619" }, { "name": "ibm-sam-cve20204661-info-disc (186142)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186142" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-10-08T00:00:00", "ID": "CVE-2020-4661", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Access Manager", "version": { "version_data": [ { "version_value": "9.0.7" } ] } }, { "product_name": "Security Verify Access", "version": { "version_data": [ { "version_value": "10.0.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "A", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6346619", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6346619 (Security Verify Access)", "url": "https://www.ibm.com/support/pages/node/6346619" }, { "name": "ibm-sam-cve20204661-info-disc (186142)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186142" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4661", "datePublished": "2020-10-12T13:05:35.256777Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T17:38:55.445Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22463
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6601729 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/225079 | vdb-entry, x_refsource_XF |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6601729" }, { "name": "ibm-sam-cve202222463-sql-injection (225079)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225079" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.0.2.0" }, { "status": "affected", "version": "10.0.0.0" }, { "status": "affected", "version": "10.0.1.0" }, { "status": "affected", "version": "10.0.3.0" } ] } ], "datePublic": "2022-07-06T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 225079." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 4.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:H/PR:H/A:N/AC:H/AV:A/S:C/UI:N/I:N/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Data Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-08T17:45:20", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6601729" }, { "name": "ibm-sam-cve202222463-sql-injection (225079)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225079" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-07-06T00:00:00", "ID": "CVE-2022-22463", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Verify Access", "version": { "version_data": [ { "version_value": "10.0.2.0" }, { "version_value": "10.0.0.0" }, { "version_value": "10.0.1.0" }, { "version_value": "10.0.3.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 225079." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "A", "C": "H", "I": "N", "PR": "H", "S": "C", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Data Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6601729", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6601729 (Security Verify Access)", "url": "https://www.ibm.com/support/pages/node/6601729" }, { "name": "ibm-sam-cve202222463-sql-injection (225079)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225079" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22463", "datePublished": "2022-07-08T17:45:21.020316Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-16T16:38:44.289Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22464
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6601729 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/225081 | vdb-entry, x_refsource_XF |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.207Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6601729" }, { "name": "ibm-sam-cve202222464-info-disc (225081)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225081" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.0.2.0" }, { "status": "affected", "version": "10.0.0.0" }, { "status": "affected", "version": "10.0.1.0" }, { "status": "affected", "version": "10.0.3.0" } ] } ], "datePublic": "2022-07-06T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:N/UI:N/S:U/AV:N/AC:H/A:N/PR:N/C:H/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-08T17:45:22", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6601729" }, { "name": "ibm-sam-cve202222464-info-disc (225081)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225081" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-07-06T00:00:00", "ID": "CVE-2022-22464", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Verify Access", "version": { "version_data": [ { "version_value": "10.0.2.0" }, { "version_value": "10.0.0.0" }, { "version_value": "10.0.1.0" }, { "version_value": "10.0.3.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6601729", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6601729 (Security Verify Access)", "url": "https://www.ibm.com/support/pages/node/6601729" }, { "name": "ibm-sam-cve202222464-info-disc (225081)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225081" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22464", "datePublished": "2022-07-08T17:45:22.650659Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-16T18:08:16.372Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29665
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6457315 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/199399 | vdb-entry, x_refsource_XF |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:11:06.343Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6457315" }, { "name": "ibm-ag-cve202129665-bo (199399)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199399" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "20.07" } ] } ], "datePublic": "2021-05-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/I:H/UI:N/AV:N/PR:N/C:H/S:C/AC:H/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-31T14:50:18", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6457315" }, { "name": "ibm-ag-cve202129665-bo (199399)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199399" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-05-28T00:00:00", "ID": "CVE-2021-29665", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Verify Access", "version": { "version_data": [ { "version_value": "20.07" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "N", "C": "H", "I": "H", "PR": "N", "S": "C", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6457315", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6457315 (Security Verify Access)", "url": "https://www.ibm.com/support/pages/node/6457315" }, { "name": "ibm-ag-cve202129665-bo (199399)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199399" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29665", "datePublished": "2021-05-31T14:50:18.877701Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-17T00:21:32.420Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4660
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6346619 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/186140 | vdb-entry, x_refsource_XF |
▼ | Vendor | Product |
---|---|---|
IBM | Security Access Manager | |
IBM | Security Verify Access |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:49.107Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6346619" }, { "name": "ibm-sam-cve20204660-info-disc (186140)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186140" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Access Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.7" } ] }, { "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.0.0" } ] } ], "datePublic": "2020-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/A:N/PR:N/UI:N/S:U/C:H/I:N/AC:H/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T13:05:34", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6346619" }, { "name": "ibm-sam-cve20204660-info-disc (186140)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186140" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-10-08T00:00:00", "ID": "CVE-2020-4660", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Access Manager", "version": { "version_data": [ { "version_value": "9.0.7" } ] } }, { "product_name": "Security Verify Access", "version": { "version_data": [ { "version_value": "10.0.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "A", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6346619", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6346619 (Security Verify Access)", "url": "https://www.ibm.com/support/pages/node/6346619" }, { "name": "ibm-sam-cve20204660-info-disc (186140)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186140" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4660", "datePublished": "2020-10-12T13:05:34.819706Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T22:08:58.203Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4699
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6346619 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/186947 | vdb-entry, x_refsource_XF |
▼ | Vendor | Product |
---|---|---|
IBM | Security Access Manager | |
IBM | Security Verify Access |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:57.822Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6346619" }, { "name": "ibm-sam-cve20204699-info-disc (186947)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186947" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Access Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.7" } ] }, { "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.0.0" } ] } ], "datePublic": "2020-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:H/I:N/C:H/S:U/UI:N/PR:N/A:N/AV:A/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T13:05:35", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6346619" }, { "name": "ibm-sam-cve20204699-info-disc (186947)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186947" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-10-08T00:00:00", "ID": "CVE-2020-4699", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Access Manager", "version": { "version_data": [ { "version_value": "9.0.7" } ] } }, { "product_name": "Security Verify Access", "version": { "version_data": [ { "version_value": "10.0.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "A", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6346619", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6346619 (Security Verify Access)", "url": "https://www.ibm.com/support/pages/node/6346619" }, { "name": "ibm-sam-cve20204699-info-disc (186947)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186947" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4699", "datePublished": "2020-10-12T13:05:35.713281Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T20:16:56.855Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38894
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6538418 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/209515 | vdb-entry, x_refsource_XF |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.734Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6538418" }, { "name": "ibm-sv-cve202138894-info-disc (209515)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209515" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.0.0" }, { "status": "affected", "version": "10.0.2.0" }, { "status": "affected", "version": "10.0.1.0" } ] } ], "datePublic": "2022-01-06T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 2.4, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/UI:N/AV:N/PR:H/AC:L/I:N/C:L/A:N/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-07T17:55:20", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6538418" }, { "name": "ibm-sv-cve202138894-info-disc (209515)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209515" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-01-06T00:00:00", "ID": "CVE-2021-38894", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Verify Access", "version": { "version_data": [ { "version_value": "10.0.0" }, { "version_value": "10.0.2.0" }, { "version_value": "10.0.1.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "H", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6538418", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6538418 (Security Verify Access)", "url": "https://www.ibm.com/support/pages/node/6538418" }, { "name": "ibm-sv-cve202138894-info-disc (209515)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209515" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38894", "datePublished": "2022-01-07T17:55:20.249096Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T16:18:02.871Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-35133
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7166712 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/291026 | vdb-entry |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access | |
IBM | Security Verify Access Docker |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-35133", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-29T17:02:51.567380Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-29T17:03:12.007Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_verify_access_docker:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_verify_access_docker:10.0.8:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "10.0.8", "status": "affected", "version": "10.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Security Verify Access Docker", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "10.0.8", "status": "affected", "version": "10.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim." } ], "value": "IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-21T09:58:17.795Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7166712" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/291026" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Security Verify Access HTTP open redirect", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-35133", "datePublished": "2024-08-29T16:39:43.913Z", "dateReserved": "2024-05-09T16:27:27.133Z", "dateUpdated": "2024-09-21T09:58:17.795Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38921
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6538418 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/210067 | vdb-entry, x_refsource_XF |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.832Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6538418" }, { "name": "ibm-sam-cve202138921-info-disc (210067)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210067" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.0.0" }, { "status": "affected", "version": "10.0.2.0" }, { "status": "affected", "version": "10.0.1.0" } ] } ], "datePublic": "2022-01-06T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:H/I:N/C:H/A:N/S:U/PR:N/UI:N/AV:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-07T17:55:23", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6538418" }, { "name": "ibm-sam-cve202138921-info-disc (210067)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210067" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-01-06T00:00:00", "ID": "CVE-2021-38921", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Verify Access", "version": { "version_data": [ { "version_value": "10.0.0" }, { "version_value": "10.0.2.0" }, { "version_value": "10.0.1.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6538418", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6538418 (Security Verify Access)", "url": "https://www.ibm.com/support/pages/node/6538418" }, { "name": "ibm-sam-cve202138921-info-disc (210067)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210067" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38921", "datePublished": "2022-01-07T17:55:23.252972Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T22:41:31.453Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38957
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6538418 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/212040 | vdb-entry, x_refsource_XF |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.853Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6538418" }, { "name": "ibm-sv-cve202138957-info-disc (212040)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212040" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.0.0" }, { "status": "affected", "version": "10.0.2.0" }, { "status": "affected", "version": "10.0.1.0" } ] } ], "datePublic": "2022-01-06T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 2.7, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/S:U/PR:N/UI:R/AV:N/I:N/C:L/AC:H/A:N/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-07T17:55:25", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6538418" }, { "name": "ibm-sv-cve202138957-info-disc (212040)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212040" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-01-06T00:00:00", "ID": "CVE-2021-38957", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Verify Access", "version": { "version_data": [ { "version_value": "10.0.0" }, { "version_value": "10.0.2.0" }, { "version_value": "10.0.1.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6538418", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6538418 (Security Verify Access)", "url": "https://www.ibm.com/support/pages/node/6538418" }, { "name": "ibm-sv-cve202138957-info-disc (212040)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212040" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38957", "datePublished": "2022-01-07T17:55:26.027623Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-17T04:19:09.483Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38895
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6538418 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/209563 | vdb-entry, x_refsource_XF |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.738Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6538418" }, { "name": "ibm-sv-cve202138895-xss (209563)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209563" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.0.0" }, { "status": "affected", "version": "10.0.2.0" }, { "status": "affected", "version": "10.0.1.0" } ] } ], "datePublic": "2022-01-06T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 2.9, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/A:N/C:L/I:N/AC:H/PR:L/UI:R/AV:N/S:C/RL:O/RC:C/E:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-07T17:55:21", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6538418" }, { "name": "ibm-sv-cve202138895-xss (209563)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209563" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-01-06T00:00:00", "ID": "CVE-2021-38895", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Verify Access", "version": { "version_data": [ { "version_value": "10.0.0" }, { "version_value": "10.0.2.0" }, { "version_value": "10.0.1.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6538418", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6538418 (Security Verify Access)", "url": "https://www.ibm.com/support/pages/node/6538418" }, { "name": "ibm-sv-cve202138895-xss (209563)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209563" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38895", "datePublished": "2022-01-07T17:55:21.811204Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T23:55:44.245Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4499
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6348046 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/182216 | vdb-entry, x_refsource_XF |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access | |
IBM | Security Access Manager |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:48.964Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6348046" }, { "name": "ibm-sam-cve20204499-sec-bypass (182216)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182216" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.0.0" } ] }, { "product": "Security Access Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.7" } ] } ], "datePublic": "2020-10-14T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:L/UI:N/AC:L/PR:N/AV:N/C:L/S:U/A:L/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Bypass Security", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-15T12:40:21", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6348046" }, { "name": "ibm-sam-cve20204499-sec-bypass (182216)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182216" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-10-14T00:00:00", "ID": "CVE-2020-4499", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Verify Access", "version": { "version_data": [ { "version_value": "10.0.0" } ] } }, { "product_name": "Security Access Manager", "version": { "version_data": [ { "version_value": "9.0.7" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216." } ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Bypass Security" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6348046", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6348046 (Security Access Manager)", "url": "https://www.ibm.com/support/pages/node/6348046" }, { "name": "ibm-sam-cve20204499-sec-bypass (182216)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182216" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4499", "datePublished": "2020-10-15T12:40:21.263570Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T04:28:43.932Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22370
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6601725 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/221194 | vdb-entry, x_refsource_XF |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:54.990Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6601725" }, { "name": "ibm-sva-cve202222370-xss (221194)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221194" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.0.2.0" }, { "status": "affected", "version": "10.0.0.0" }, { "status": "affected", "version": "10.0.1.0" }, { "status": "affected", "version": "10.0.3.0" } ] } ], "datePublic": "2022-07-06T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221194." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/A:N/PR:L/AC:L/C:L/S:C/UI:R/I:L/AV:N/RL:O/RC:C/E:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-08T17:45:19", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6601725" }, { "name": "ibm-sva-cve202222370-xss (221194)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221194" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-07-06T00:00:00", "ID": "CVE-2022-22370", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Verify Access", "version": { "version_data": [ { "version_value": "10.0.2.0" }, { "version_value": "10.0.0.0" }, { "version_value": "10.0.1.0" }, { "version_value": "10.0.3.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221194." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6601725", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6601725 (Security Verify Access)", "url": "https://www.ibm.com/support/pages/node/6601725" }, { "name": "ibm-sva-cve202222370-xss (221194)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221194" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22370", "datePublished": "2022-07-08T17:45:19.536069Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-16T16:33:20.269Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43868
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7028513 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/239445 | vdb-entry |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:40:06.872Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7028513" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239445" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-43868", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-16T20:03:27.647309Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-16T20:03:34.983Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "OIDC Provider" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system. IBM X-Force ID: 239445." } ], "value": "IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system. IBM X-Force ID: 239445." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-14T15:28:03.271Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7028513" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239445" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Security Verify Access information disclosure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-43868", "datePublished": "2023-10-14T15:28:03.271Z", "dateReserved": "2022-10-26T15:46:22.824Z", "dateUpdated": "2024-09-16T20:03:34.983Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4552
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6348046 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/165960 | vdb-entry, x_refsource_XF |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access | |
IBM | Security Access Manager |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:48.337Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6348046" }, { "name": "ibm-sam-cve20194552-response-splitting (165960)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165960" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.0.0" } ] }, { "product": "Security Access Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "9.0.7" } ] } ], "datePublic": "2020-10-14T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.3, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/C:L/PR:N/A:N/S:C/I:L/UI:R/AC:L/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-15T12:40:20", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6348046" }, { "name": "ibm-sam-cve20194552-response-splitting (165960)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165960" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-10-14T00:00:00", "ID": "CVE-2019-4552", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Verify Access", "version": { "version_data": [ { "version_value": "10.0.0" } ] } }, { "product_name": "Security Access Manager", "version": { "version_data": [ { "version_value": "9.0.7" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "N", "S": "C", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6348046", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6348046 (Security Access Manager)", "url": "https://www.ibm.com/support/pages/node/6348046" }, { "name": "ibm-sam-cve20194552-response-splitting (165960)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165960" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4552", "datePublished": "2020-10-15T12:40:20.849636Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T19:25:59.758Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20585
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6457315 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/199398 | vdb-entry, x_refsource_XF |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:45:44.369Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6457315" }, { "name": "ibm-ag-cve202120585-info-disc (199398)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199398" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "20.07" } ] } ], "datePublic": "2021-05-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/C:L/PR:N/AV:N/AC:L/I:N/A:N/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-31T14:50:18", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6457315" }, { "name": "ibm-ag-cve202120585-info-disc (199398)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199398" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-05-28T00:00:00", "ID": "CVE-2021-20585", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Verify Access", "version": { "version_data": [ { "version_value": "20.07" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6457315", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6457315 (Security Verify Access)", "url": "https://www.ibm.com/support/pages/node/6457315" }, { "name": "ibm-ag-cve202120585-info-disc (199398)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199398" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20585", "datePublished": "2021-05-31T14:50:18.138778Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-17T00:15:52.591Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43740
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7028513 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/238921 | vdb-entry |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:40:06.434Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7028513" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238921" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-43740", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-16T20:04:24.691263Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-16T20:04:37.403Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "OIDC Provider" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 238921." } ], "value": "IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 238921." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-14T15:13:27.562Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7028513" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238921" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Security Verify Access denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-43740", "datePublished": "2023-10-14T15:13:27.562Z", "dateReserved": "2022-10-25T17:36:35.656Z", "dateUpdated": "2024-09-16T20:04:37.403Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22465
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6601729 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/225082 | vdb-entry, x_refsource_XF |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.275Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6601729" }, { "name": "ibm-sam-cve202222465-priv-escalation (225082)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225082" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.0.2.0" }, { "status": "affected", "version": "10.0.0.0" }, { "status": "affected", "version": "10.0.1.0" }, { "status": "affected", "version": "10.0.3.0" } ] } ], "datePublic": "2022-07-06T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:H/PR:L/A:N/C:H/I:H/S:U/UI:N/AV:L/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-08T17:45:24", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6601729" }, { "name": "ibm-sam-cve202222465-priv-escalation (225082)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225082" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-07-06T00:00:00", "ID": "CVE-2022-22465", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Verify Access", "version": { "version_data": [ { "version_value": "10.0.2.0" }, { "version_value": "10.0.0.0" }, { "version_value": "10.0.1.0" }, { "version_value": "10.0.3.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "L", "C": "H", "I": "H", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6601729", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6601729 (Security Verify Access)", "url": "https://www.ibm.com/support/pages/node/6601729" }, { "name": "ibm-sam-cve202222465-priv-escalation (225082)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225082" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22465", "datePublished": "2022-07-08T17:45:24.113826Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-17T00:21:39.697Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22311
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6568043 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/217226 | vdb-entry, x_refsource_XF |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:07:50.289Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6568043" }, { "name": "ibm-sv-cve202222311-improper-validation (217226)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/217226" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.0.0" }, { "status": "affected", "version": "10.0.1" }, { "status": "affected", "version": "10.0.2" }, { "status": "affected", "version": "10.0.3" } ] } ], "datePublic": "2022-03-30T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validiation of JWT tokens." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:H/PR:N/A:N/S:U/UI:N/I:L/AV:N/C:L/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-31T17:30:17", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6568043" }, { "name": "ibm-sv-cve202222311-improper-validation (217226)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/217226" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-03-30T00:00:00", "ID": "CVE-2022-22311", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Verify Access", "version": { "version_data": [ { "version_value": "10.0.0" }, { "version_value": "10.0.1" }, { "version_value": "10.0.2" }, { "version_value": "10.0.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validiation of JWT tokens." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "L", "I": "L", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6568043", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6568043 (Security Verify Access)", "url": "https://www.ibm.com/support/pages/node/6568043" }, { "name": "ibm-sv-cve202222311-improper-validation (217226)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/217226" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22311", "datePublished": "2022-03-31T17:30:17.724311Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-16T20:01:49.457Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30430
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7158789 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/252183 | vdb-entry |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-30430", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-27T18:52:34.173468Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-27T18:52:43.238Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T14:21:44.771Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7158789" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252183" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_verify_access:10.0.7.1:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "10.0.7.1", "status": "affected", "version": "10.0.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183." } ], "value": "IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-24T10:44:17.483Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7158789" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252183" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Security Verify Access information disclosure", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-30430", "datePublished": "2024-06-27T15:53:23.648Z", "dateReserved": "2023-04-08T15:56:20.543Z", "dateUpdated": "2024-08-24T10:44:17.483Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31883
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7158789 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/287615 | vdb-entry |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-31883", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-27T17:23:26.234798Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-27T17:23:32.454Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:59:50.071Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7158789" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287615" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_verify_access:10.0.7.1:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "10.0.7.1", "status": "affected", "version": "10.0.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615." } ], "value": "IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-703", "description": "CWE-703 Improper Check or Handling of Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-27T15:50:52.220Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7158789" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287615" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Security Verify Access denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-31883", "datePublished": "2024-06-27T15:50:52.220Z", "dateReserved": "2024-04-07T12:44:46.961Z", "dateUpdated": "2024-08-02T01:59:50.071Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20576
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6457315 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/199280 | vdb-entry, x_refsource_XF |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:45:44.699Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6457315" }, { "name": "ibm-appgateway-cve202120576-dos (199280)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199280" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "20.07" } ] } ], "datePublic": "2021-05-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/PR:N/S:U/C:N/AC:L/A:H/I:N/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-31T14:50:17", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6457315" }, { "name": "ibm-appgateway-cve202120576-dos (199280)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199280" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-05-28T00:00:00", "ID": "CVE-2021-20576", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Verify Access", "version": { "version_data": [ { "version_value": "20.07" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6457315", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6457315 (Security Verify Access)", "url": "https://www.ibm.com/support/pages/node/6457315" }, { "name": "ibm-appgateway-cve202120576-dos (199280)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199280" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20576", "datePublished": "2021-05-31T14:50:17.494688Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T23:36:00.300Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25927
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://https://www.ibm.com/support/pages/node/6989653 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/247635 | vdb-entry |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:39:05.326Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://https://www.ibm.com/support/pages/node/6989653" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247635" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635." } ], "value": "IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-12T17:38:51.966Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://https://www.ibm.com/support/pages/node/6989653" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247635" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Security Verify Access denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-25927", "datePublished": "2023-05-12T17:38:51.966Z", "dateReserved": "2023-02-16T16:39:45.212Z", "dateUpdated": "2024-08-02T11:39:05.326Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36775
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6953617 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/233576 | vdb-entry |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:14:28.496Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6953617" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233576" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Security Verify Access ", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, 10.0.4.0" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576." } ], "value": "IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "644 Improper Neutralization of HTTP Headers for Scripting Syntax", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-17T16:22:46.450Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6953617" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233576" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Security Verify Access HOST header injection", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-36775", "datePublished": "2023-02-17T16:22:46.450Z", "dateReserved": "2022-07-26T14:04:17.547Z", "dateUpdated": "2024-08-03T10:14:28.496Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20575
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6457315 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/199278 | vdb-entry, x_refsource_XF |
▼ | Vendor | Product |
---|---|---|
IBM | Security Verify Access |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:45:44.459Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6457315" }, { "name": "ibm-appgateway-cve202120575-info-disc (199278)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199278" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Verify Access", "vendor": "IBM", "versions": [ { "status": "affected", "version": "20.07" } ] } ], "datePublic": "2021-05-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.5, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/AV:L/C:L/S:U/PR:N/UI:N/I:N/A:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-31T14:50:16", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6457315" }, { "name": "ibm-appgateway-cve202120575-info-disc (199278)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199278" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-05-28T00:00:00", "ID": "CVE-2021-20575", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Verify Access", "version": { "version_data": [ { "version_value": "20.07" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "L", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6457315", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6457315 (Security Verify Access)", "url": "https://www.ibm.com/support/pages/node/6457315" }, { "name": "ibm-appgateway-cve202120575-info-disc (199278)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199278" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20575", "datePublished": "2021-05-31T14:50:16.841661Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T23:25:46.202Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }