Vulnerabilities related to IBM - Security Verify Access
var-202403-3007
Vulnerability from variot

IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202403-3007",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.6",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-003065",
         },
         {
            db: "NVD",
            id: "CVE-2024-25027",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.6:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2024-25027",
         },
      ],
   },
   cve: "CVE-2024-25027",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.8,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 6.2,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.5,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.5,
                  baseSeverity: "Medium",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2024-25027",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2024-25027",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2024-25027",
                  trust: 1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-003065",
         },
         {
            db: "NVD",
            id: "CVE-2024-25027",
         },
         {
            db: "NVD",
            id: "CVE-2024-25027",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption.  IBM X-Force ID:  281607",
      sources: [
         {
            db: "NVD",
            id: "CVE-2024-25027",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-003065",
         },
      ],
      trust: 1.62,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2024-25027",
            trust: 2.6,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-003065",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-003065",
         },
         {
            db: "NVD",
            id: "CVE-2024-25027",
         },
      ],
   },
   id: "VAR-202403-3007",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2024-04-18T13:29:42.346000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "7145400 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/7145400",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-003065",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-311",
            trust: 1,
         },
         {
            problemtype: "Lack of encryption of critical data (CWE-311) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-003065",
         },
         {
            db: "NVD",
            id: "CVE-2024-25027",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/281607",
         },
         {
            trust: 1,
            url: "https://www.ibm.com/support/pages/node/7145400",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2024-25027",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-003065",
         },
         {
            db: "NVD",
            id: "CVE-2024-25027",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-003065",
         },
         {
            db: "NVD",
            id: "CVE-2024-25027",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-04-04T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2024-003065",
         },
         {
            date: "2024-03-31T12:15:50.637000",
            db: "NVD",
            id: "CVE-2024-25027",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-04-04T00:38:00",
            db: "JVNDB",
            id: "JVNDB-2024-003065",
         },
         {
            date: "2024-04-02T17:57:34.440000",
            db: "NVD",
            id: "CVE-2024-25027",
         },
      ],
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM  of  Security Verify Access  Vulnerability regarding lack of encryption of critical data in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-003065",
         },
      ],
      trust: 0.8,
   },
}

var-202107-0293
Vulnerability from variot

IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969. The vendor has published this vulnerability as IBM X-Force ID: 197969. Information may be obtained.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0293",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009657",
         },
         {
            db: "NVD",
            id: "CVE-2021-20497",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20497",
         },
      ],
   },
   cve: "CVE-2021-20497",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2021-20497",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.2,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 7.5,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-20497",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-20497",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-20497",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202107-937",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-20497",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20497",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009657",
         },
         {
            db: "NVD",
            id: "CVE-2021-20497",
         },
         {
            db: "NVD",
            id: "CVE-2021-20497",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-937",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969. Vendor exploits this vulnerability  IBM X-Force ID: 197969 Is published as.Information may be obtained",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20497",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009657",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20497",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-20497",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009657",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-937",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-20497",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20497",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009657",
         },
         {
            db: "NVD",
            id: "CVE-2021-20497",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-937",
         },
      ],
   },
   id: "VAR-202107-0293",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T13:22:49.870000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6471895 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            title: "IBM Security Access Manager Fixes for encryption problem vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156630",
         },
         {
            title: "CVE-2021-20497",
            trust: 0.1,
            url: "https://github.com/aipocai/cve-2021-20497 ",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20497",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009657",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-937",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-327",
            trust: 1,
         },
         {
            problemtype: "Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009657",
         },
         {
            db: "NVD",
            id: "CVE-2021-20497",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/197969",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20497",
         },
         {
            trust: 0.6,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/327.html",
         },
         {
            trust: 0.1,
            url: "https://github.com/aipocai/cve-2021-20497",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20497",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009657",
         },
         {
            db: "NVD",
            id: "CVE-2021-20497",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-937",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2021-20497",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009657",
         },
         {
            db: "NVD",
            id: "CVE-2021-20497",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-937",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-15T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20497",
         },
         {
            date: "2022-05-17T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-009657",
         },
         {
            date: "2021-07-15T18:15:08.730000",
            db: "NVD",
            id: "CVE-2021-20497",
         },
         {
            date: "2021-07-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-937",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-09-29T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20497",
         },
         {
            date: "2022-05-17T02:23:00",
            db: "JVNDB",
            id: "JVNDB-2021-009657",
         },
         {
            date: "2021-09-29T15:38:01.020000",
            db: "NVD",
            id: "CVE-2021-20497",
         },
         {
            date: "2021-07-26T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-937",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-937",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Vulnerability in the use of cryptographic algorithms in IBM Security Verify Access Docker",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009657",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "encryption problem",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-937",
         },
      ],
      trust: 0.6,
   },
}

var-202202-1031
Vulnerability from variot

IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353. The vendor has published this vulnerability as IBM X-Force ID: 215353. Information may be obtained or tampered with, and service operation may be interrupted (DoS).



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202202-1031",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access docker",
            scope: "eq",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1,
            vendor: "ibm",
            version: "10.0.2.0",
         },
         {
            model: "security verify access docker",
            scope: "eq",
            trust: 1,
            vendor: "ibm",
            version: "10.0.1.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1,
            vendor: "ibm",
            version: "10.0.1.0",
         },
         {
            model: "security verify access docker",
            scope: "eq",
            trust: 1,
            vendor: "ibm",
            version: "10.0.2.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: null,
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
         {
            model: "security verify access docker",
            scope: null,
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-018290",
         },
         {
            db: "NVD",
            id: "CVE-2021-39070",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access_docker:10.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access_docker:10.0.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access_docker:10.0.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-39070",
         },
      ],
   },
   cve: "CVE-2021-39070",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 6.8,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2021-39070",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-39070",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-39070",
                  trust: 1.8,
                  value: "CRITICAL",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-39070",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202202-135",
                  trust: 0.6,
                  value: "CRITICAL",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-018290",
         },
         {
            db: "NVD",
            id: "CVE-2021-39070",
         },
         {
            db: "NVD",
            id: "CVE-2021-39070",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-135",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353. The vendor has published this vulnerability as IBM X-Force ID: 215353. Information may be obtained or tampered with, and service operation may be interrupted (DoS).",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-39070",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-018290",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-135",
         },
      ],
      trust: 2.16,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-39070",
            trust: 3.2,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-018290",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-135",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-018290",
         },
         {
            db: "NVD",
            id: "CVE-2021-39070",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-135",
         },
      ],
   },
   id: "VAR-202202-1031",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.609333685,
   },
   last_update_date: "2023-12-18T13:51:14.193000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6552318 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6552318",
         },
         {
            title: "IBM Security Verify Access Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=180228",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-018290",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-135",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-noinfo",
            trust: 1,
         },
         {
            problemtype: "Lack of information (CWE-noinfo) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-018290",
         },
         {
            db: "NVD",
            id: "CVE-2021-39070",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.6,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/215353",
         },
         {
            trust: 1.6,
            url: "https://www.ibm.com/support/pages/node/6552318",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-39070",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-018290",
         },
         {
            db: "NVD",
            id: "CVE-2021-39070",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-135",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-018290",
         },
         {
            db: "NVD",
            id: "CVE-2021-39070",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-135",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-05-08T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-018290",
         },
         {
            date: "2022-02-02T12:15:08.140000",
            db: "NVD",
            id: "CVE-2021-39070",
         },
         {
            date: "2022-02-02T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202202-135",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-05-08T06:23:00",
            db: "JVNDB",
            id: "JVNDB-2021-018290",
         },
         {
            date: "2022-07-12T17:42:04.277000",
            db: "NVD",
            id: "CVE-2021-39070",
         },
         {
            date: "2022-07-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202202-135",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202202-135",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Vulnerability in IBM Security Verify Access",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-018290",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202202-135",
         },
      ],
      trust: 0.6,
   },
}

var-202107-0677
Vulnerability from variot

IBM Security Verify Access Docker 10.0.0 could allow a remote privileged user to upload arbitrary files with a dangerous file type that could be executed by a user. IBM X-Force ID: 200600. The vendor has published this vulnerability as IBM X-Force ID: 200600. Information may be obtained or tampered with, and service may be disrupted (DoS).



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0677",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009577",
         },
         {
            db: "NVD",
            id: "CVE-2021-29699",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-29699",
         },
      ],
   },
   cve: "CVE-2021-29699",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 6.8,
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: true,
                  vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "Single",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 6,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2021-29699",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 0.9,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "HIGH",
                  baseScore: 6.6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 0.7,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 6.8,
                  baseSeverity: "Medium",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-29699",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "High",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-29699",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-29699",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202107-958",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-29699",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-29699",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009577",
         },
         {
            db: "NVD",
            id: "CVE-2021-29699",
         },
         {
            db: "NVD",
            id: "CVE-2021-29699",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-958",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker 10.0.0 could allow a remote privileged user to upload arbitrary files with a dangerous file type that could be executed by a user. IBM X-Force ID: 200600. The vendor has published this vulnerability as IBM X-Force ID: 200600. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-29699",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009577",
         },
         {
            db: "VULMON",
            id: "CVE-2021-29699",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-29699",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009577",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-958",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-29699",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-29699",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009577",
         },
         {
            db: "NVD",
            id: "CVE-2021-29699",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-958",
         },
      ],
   },
   id: "VAR-202107-0677",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T13:12:27.144000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6471895 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            title: "IBM Security Access Manager Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156647",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009577",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-958",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-434",
            trust: 1,
         },
         {
            problemtype: "Unlimited upload of dangerous types of files (CWE-434) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009577",
         },
         {
            db: "NVD",
            id: "CVE-2021-29699",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/200600",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-29699",
         },
         {
            trust: 0.6,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/434.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-29699",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009577",
         },
         {
            db: "NVD",
            id: "CVE-2021-29699",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-958",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2021-29699",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009577",
         },
         {
            db: "NVD",
            id: "CVE-2021-29699",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-958",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-15T00:00:00",
            db: "VULMON",
            id: "CVE-2021-29699",
         },
         {
            date: "2022-05-11T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-009577",
         },
         {
            date: "2021-07-15T18:15:09.153000",
            db: "NVD",
            id: "CVE-2021-29699",
         },
         {
            date: "2021-07-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-958",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-20T00:00:00",
            db: "VULMON",
            id: "CVE-2021-29699",
         },
         {
            date: "2022-05-11T04:55:00",
            db: "JVNDB",
            id: "JVNDB-2021-009577",
         },
         {
            date: "2021-09-29T16:12:09.137000",
            db: "NVD",
            id: "CVE-2021-29699",
         },
         {
            date: "2021-07-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-958",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-958",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker unrestricted upload of dangerous file types vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009577",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "code problem",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-958",
         },
      ],
      trust: 0.6,
   },
}

var-202402-0187
Vulnerability from variot

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202402-0187",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access docker",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access docker",
            scope: "lte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "lte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.6.1",
         },
         {
            model: "security verify access docker",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "10.0.0.0  to  10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "10.0.0.0  to  10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "docker 10.0.0.0  to  10.0.6.1",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-002252",
         },
         {
            db: "NVD",
            id: "CVE-2023-32327",
         },
      ],
   },
   cve: "CVE-2023-32327",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "LOW",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  impactScore: 4.2,
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 2,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "Low",
                  baseScore: 7.1,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2023-32327",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2023-32327",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2023-32327",
                  trust: 1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-002252",
         },
         {
            db: "NVD",
            id: "CVE-2023-32327",
         },
         {
            db: "NVD",
            id: "CVE-2023-32327",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.  IBM X-Force ID:  254783",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-32327",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-002252",
         },
         {
            db: "VULMON",
            id: "CVE-2023-32327",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-32327",
            trust: 2.7,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-002252",
            trust: 0.8,
         },
         {
            db: "VULMON",
            id: "CVE-2023-32327",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-32327",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-002252",
         },
         {
            db: "NVD",
            id: "CVE-2023-32327",
         },
      ],
   },
   id: "VAR-202402-0187",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.609333685,
   },
   last_update_date: "2024-02-10T23:16:03.025000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "7106586 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-002252",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-611",
            trust: 1,
         },
         {
            problemtype: "XML Improper restriction of external entity references (CWE-611) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-002252",
         },
         {
            db: "NVD",
            id: "CVE-2023-32327",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.1,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
         {
            trust: 1.1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254783",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-32327",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/611.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-32327",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-002252",
         },
         {
            db: "NVD",
            id: "CVE-2023-32327",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2023-32327",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-002252",
         },
         {
            db: "NVD",
            id: "CVE-2023-32327",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-03T00:00:00",
            db: "VULMON",
            id: "CVE-2023-32327",
         },
         {
            date: "2024-02-09T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2024-002252",
         },
         {
            date: "2024-02-03T01:15:08.653000",
            db: "NVD",
            id: "CVE-2023-32327",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-05T00:00:00",
            db: "VULMON",
            id: "CVE-2023-32327",
         },
         {
            date: "2024-02-09T02:06:00",
            db: "JVNDB",
            id: "JVNDB-2024-002252",
         },
         {
            date: "2024-02-07T16:16:58.450000",
            db: "NVD",
            id: "CVE-2023-32327",
         },
      ],
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "XML external entity vulnerability in IBM Security Verify Access and Security Verify Access Docker",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-002252",
         },
      ],
      trust: 0.8,
   },
}

var-202010-1442
Vulnerability from variot

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks, which could aid in further attacks against the system. IBM X-Force ID: 186140. The vendor has published this vulnerability as IBM X-Force ID: 186140. Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1442",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 2.4,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security access manager",
            scope: "eq",
            trust: 1,
            vendor: "ibm",
            version: "9.0.7.0",
         },
         {
            model: "security access manager",
            scope: null,
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
         {
            model: "security access manager",
            scope: "eq",
            trust: 0.6,
            vendor: "ibm",
            version: "9.0.7",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012244",
         },
         {
            db: "NVD",
            id: "CVE-2020-4660",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_access_manager:9.0.7.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-4660",
         },
      ],
   },
   cve: "CVE-2020-4660",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "ADJACENT_NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 2.9,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 5.5,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "LOW",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Adjacent Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 2.9,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2020-4660",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Low",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "ADJACENT_NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 2.9,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 5.5,
                  id: "CNVD-2020-59033",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "LOW",
                  trust: 0.6,
                  vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.6,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.6,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "High",
                  attackVector: "Adjacent Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.3,
                  baseSeverity: "Medium",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2020-4660",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2020-4660",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2020-4660",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2020-59033",
                  trust: 0.6,
                  value: "LOW",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202010-322",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012244",
         },
         {
            db: "NVD",
            id: "CVE-2020-4660",
         },
         {
            db: "NVD",
            id: "CVE-2020-4660",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-322",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks, which could aid in further attacks against the system. IBM X-Force ID: 186140. The vendor has published this vulnerability as IBM X-Force ID: 186140. Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-4660",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012244",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-322",
         },
      ],
      trust: 2.7,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-4660",
            trust: 3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012244",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59033",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.3499",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-322",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012244",
         },
         {
            db: "NVD",
            id: "CVE-2020-4660",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-322",
         },
      ],
   },
   id: "VAR-202010-1442",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
      ],
      trust: 0.81866737,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "IoT",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
      ],
   },
   last_update_date: "2023-12-18T12:16:48.041000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6346619 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6346619",
         },
         {
            title: "Patch for IBM Security Access Manager and IBM Security Verify Access information disclosure vulnerability (CNVD-2020-59033)",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/237682",
         },
         {
            title: "IBM Security Access Manager Appliance Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=130219",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012244",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-322",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-203",
            trust: 1,
         },
         {
            problemtype: "Information leakage due to difference in response to security-related processing (CWE-203) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-012244",
         },
         {
            db: "NVD",
            id: "CVE-2020-4660",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.6,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186140",
         },
         {
            trust: 1.6,
            url: "https://www.ibm.com/support/pages/node/6346619",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-4660",
         },
         {
            trust: 1.2,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-access-manager-and-ibm-security-verify-access-cve-2020-4661-cve-2020-4699-cve-2020-4660/",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.3499/",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012244",
         },
         {
            db: "NVD",
            id: "CVE-2020-4660",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-322",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012244",
         },
         {
            db: "NVD",
            id: "CVE-2020-4660",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-322",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-10-27T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
         {
            date: "2021-04-27T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-012244",
         },
         {
            date: "2020-10-12T13:15:12.383000",
            db: "NVD",
            id: "CVE-2020-4660",
         },
         {
            date: "2020-10-09T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202010-322",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-10-27T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
         {
            date: "2021-04-27T09:04:00",
            db: "JVNDB",
            id: "JVNDB-2020-012244",
         },
         {
            date: "2020-10-19T16:17:35.417000",
            db: "NVD",
            id: "CVE-2020-4660",
         },
         {
            date: "2020-10-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202010-322",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote or local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202010-322",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager and IBM Security Verify Access vulnerability regarding information leakage due to difference in response to security-related processing",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-012244",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202010-322",
         },
      ],
      trust: 0.6,
   },
}

var-202302-0494
Vulnerability from variot

IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and 10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202302-0494",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.4.0",
         },
         {
            model: "security verify access docker",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.4.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.3.0",
         },
         {
            model: "security verify access docker",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access docker",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.3.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.1.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.2.0",
         },
         {
            model: "security verify access docker",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.1.0",
         },
         {
            model: "security verify access docker",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.2.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "docker 10.0.3.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "docker 10.0.1.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "docker 10.0.2.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "docker 10.0.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "docker 10.0.4.0",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-016942",
         },
         {
            db: "NVD",
            id: "CVE-2022-36775",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access_docker:10.0.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access_docker:10.0.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.3.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access_docker:10.0.4.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access_docker:10.0.3.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.4.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-36775",
         },
      ],
   },
   cve: "CVE-2022-36775",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 3.9,
                  impactScore: 2.5,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 2,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 6.5,
                  baseSeverity: "Medium",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2022-36775",
                  impactScore: null,
                  integrityImpact: "Low",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-36775",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2022-36775",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202302-611",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-016942",
         },
         {
            db: "NVD",
            id: "CVE-2022-36775",
         },
         {
            db: "NVD",
            id: "CVE-2022-36775",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-611",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and 10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-36775",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-016942",
         },
         {
            db: "VULMON",
            id: "CVE-2022-36775",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-36775",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-016942",
            trust: 0.8,
         },
         {
            db: "AUSCERT",
            id: "ESB-2023.0742",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-611",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-36775",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-36775",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-016942",
         },
         {
            db: "NVD",
            id: "CVE-2022-36775",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-611",
         },
      ],
   },
   id: "VAR-202302-0494",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.609333685,
   },
   last_update_date: "2023-12-18T12:41:49.892000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6953617 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6953617",
         },
         {
            title: "IBM WebSphere Application Server Liberty Repair measures for injecting vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226730",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-016942",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-611",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-74",
            trust: 1,
         },
         {
            problemtype: "injection (CWE-74) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-016942",
         },
         {
            db: "NVD",
            id: "CVE-2022-36775",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/233576",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6953617",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-36775",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2023.0742",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-36775/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-36775",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-016942",
         },
         {
            db: "NVD",
            id: "CVE-2022-36775",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-611",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2022-36775",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-016942",
         },
         {
            db: "NVD",
            id: "CVE-2022-36775",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-611",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-17T00:00:00",
            db: "VULMON",
            id: "CVE-2022-36775",
         },
         {
            date: "2023-10-10T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-016942",
         },
         {
            date: "2023-02-17T17:15:11.137000",
            db: "NVD",
            id: "CVE-2022-36775",
         },
         {
            date: "2023-02-08T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202302-611",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-17T00:00:00",
            db: "VULMON",
            id: "CVE-2022-36775",
         },
         {
            date: "2023-10-10T07:52:00",
            db: "JVNDB",
            id: "JVNDB-2022-016942",
         },
         {
            date: "2023-11-07T03:49:40.850000",
            db: "NVD",
            id: "CVE-2022-36775",
         },
         {
            date: "2023-02-27T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202302-611",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202302-611",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Injection vulnerability in IBM Security Verify Access and Security Verify Access Docker",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-016942",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202302-611",
         },
      ],
      trust: 0.6,
   },
}

var-202305-1185
Vulnerability from variot

IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests, resulting in loss of access to the system. IBM X-Force ID: 247635. An unspecified vulnerability exists in IBM Security Verify Access. The affected system may be put into a denial-of-service (DoS) state.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202305-1185",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.5",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.4",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.1",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.3",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.2",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-011092",
         },
         {
            db: "NVD",
            id: "CVE-2023-25927",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.5:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-25927",
         },
      ],
   },
   cve: "CVE-2023-25927",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 3.9,
                  id: "CVE-2023-25927",
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 7.5,
                  baseSeverity: "High",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2023-25927",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2023-25927",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202305-1284",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-011092",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-1284",
         },
         {
            db: "NVD",
            id: "CVE-2023-25927",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests, resulting in loss of access to the system. IBM X-Force ID: 247635. An unspecified vulnerability exists in IBM Security Verify Access. The affected system may be put into a denial-of-service (DoS) state.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-25927",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-011092",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-1284",
         },
         {
            db: "VULMON",
            id: "CVE-2023-25927",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-25927",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-011092",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-1284",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2023-25927",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-25927",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-011092",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-1284",
         },
         {
            db: "NVD",
            id: "CVE-2023-25927",
         },
      ],
   },
   id: "VAR-202305-1185",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-13T22:33:42.689000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6989653 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6989653?_ga=2.22490043.1644592052.1684753176-785517468.1677620719",
         },
         {
            title: "IBM Security Verify Access Enter the fix for the verification error vulnerability",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=238860",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-011092",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-1284",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-noinfo",
            trust: 1,
         },
         {
            problemtype: "Lack of information (CWE-noinfo) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-011092",
         },
         {
            db: "NVD",
            id: "CVE-2023-25927",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/247635",
         },
         {
            trust: 1.6,
            url: "https://www.ibm.com/support/pages/node/6989653?_ga=2.22490043.1644592052.1684753176-785517468.1677620719",
         },
         {
            trust: 1.1,
            url: "https://https://www.ibm.com/support/pages/node/6989653",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-25927",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2023-25927/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/20.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-25927",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-011092",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-1284",
         },
         {
            db: "NVD",
            id: "CVE-2023-25927",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2023-25927",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-011092",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202305-1284",
         },
         {
            db: "NVD",
            id: "CVE-2023-25927",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-05-12T00:00:00",
            db: "VULMON",
            id: "CVE-2023-25927",
         },
         {
            date: "2023-12-12T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2023-011092",
         },
         {
            date: "2023-05-12T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202305-1284",
         },
         {
            date: "2023-05-12T18:15:00",
            db: "NVD",
            id: "CVE-2023-25927",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-05-15T00:00:00",
            db: "VULMON",
            id: "CVE-2023-25927",
         },
         {
            date: "2023-12-12T05:54:00",
            db: "JVNDB",
            id: "JVNDB-2023-011092",
         },
         {
            date: "2023-05-25T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202305-1284",
         },
         {
            date: "2023-05-24T16:35:00",
            db: "NVD",
            id: "CVE-2023-25927",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-1284",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Vulnerability in IBM Security Verify Access",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-011092",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "input validation error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202305-1284",
         },
      ],
      trust: 0.6,
   },
}

var-202010-0152
Vulnerability from variot

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response once the URL is clicked. This would allow the attacker to perform further attacks, such as web cache poisoning and cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960. The vendor has published this vulnerability as IBM X-Force ID: 165960. Information may be obtained and tampered with. The product implements access management control through integrated devices for Web, mobile, and cloud computing.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202010-0152",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.4,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security access manager",
            scope: "lt",
            trust: 1,
            vendor: "ibm",
            version: "9.0.7.2",
         },
         {
            model: "security verify access",
            scope: "lt",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.1",
         },
         {
            model: "security access manager",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "9.0.7.0",
         },
         {
            model: "security verify access",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security access manager",
            scope: null,
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
         {
            model: "security access manager",
            scope: "eq",
            trust: 0.6,
            vendor: "ibm",
            version: "9.0.7",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-57817",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-016064",
         },
         {
            db: "NVD",
            id: "CVE-2019-4552",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "9.0.7.2",
                        versionStartIncluding: "9.0.7.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "10.0.0.1",
                        versionStartIncluding: "10.0.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2019-4552",
         },
      ],
   },
   cve: "CVE-2019-4552",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  impactScore: 4.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: true,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.8,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2019-4552",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "CNVD-2020-57817",
                  impactScore: 4.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 2.8,
                  impactScore: 2.7,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 2.8,
                  impactScore: 2.7,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 6.1,
                  baseSeverity: "Medium",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2019-4552",
                  impactScore: null,
                  integrityImpact: "Low",
                  privilegesRequired: "None",
                  scope: "Changed",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2019-4552",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2019-4552",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2020-57817",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202010-659",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2019-4552",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-57817",
         },
         {
            db: "VULMON",
            id: "CVE-2019-4552",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-016064",
         },
         {
            db: "NVD",
            id: "CVE-2019-4552",
         },
         {
            db: "NVD",
            id: "CVE-2019-4552",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-659",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960. The vendor has published this vulnerability as IBM X-Force ID: 165960. Information may be obtained and information may be tampered with. The product implements access management control through integrated devices for Web, mobile, and cloud computing. response",
      sources: [
         {
            db: "NVD",
            id: "CVE-2019-4552",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-016064",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-57817",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-659",
         },
         {
            db: "VULMON",
            id: "CVE-2019-4552",
         },
      ],
      trust: 2.79,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2019-4552",
            trust: 3.1,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-016064",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-57817",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.3558",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-659",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2019-4552",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-57817",
         },
         {
            db: "VULMON",
            id: "CVE-2019-4552",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-016064",
         },
         {
            db: "NVD",
            id: "CVE-2019-4552",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-659",
         },
      ],
   },
   id: "VAR-202010-0152",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-57817",
         },
      ],
      trust: 0.81866737,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "IoT",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-57817",
         },
      ],
   },
   last_update_date: "2023-12-18T11:37:17.642000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6348046 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6348046",
         },
         {
            title: "Patch for IBM Security Access Manager and IBM Security Verify Access HTTP response splitting vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/236938",
         },
         {
            title: "IBM Security Access Manager  and  IBM Security Verify Access Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=130481",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-57817",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-016064",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-659",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-Other",
            trust: 1,
         },
         {
            problemtype: "Other (CWE-Other) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2019-016064",
         },
         {
            db: "NVD",
            id: "CVE-2019-4552",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-4552",
         },
         {
            trust: 1.8,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/165960",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6348046",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.3558/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-57817",
         },
         {
            db: "VULMON",
            id: "CVE-2019-4552",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-016064",
         },
         {
            db: "NVD",
            id: "CVE-2019-4552",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-659",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2020-57817",
         },
         {
            db: "VULMON",
            id: "CVE-2019-4552",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-016064",
         },
         {
            db: "NVD",
            id: "CVE-2019-4552",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-659",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-10-21T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-57817",
         },
         {
            date: "2020-10-15T00:00:00",
            db: "VULMON",
            id: "CVE-2019-4552",
         },
         {
            date: "2021-04-30T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2019-016064",
         },
         {
            date: "2020-10-15T13:15:12.807000",
            db: "NVD",
            id: "CVE-2019-4552",
         },
         {
            date: "2020-10-15T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202010-659",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-10-21T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-57817",
         },
         {
            date: "2020-10-20T00:00:00",
            db: "VULMON",
            id: "CVE-2019-4552",
         },
         {
            date: "2021-04-30T06:32:00",
            db: "JVNDB",
            id: "JVNDB-2019-016064",
         },
         {
            date: "2020-10-20T17:47:20.387000",
            db: "NVD",
            id: "CVE-2019-4552",
         },
         {
            date: "2020-10-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202010-659",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202010-659",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager  and  IBM Security Verify Access  Vulnerability in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2019-016064",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202010-659",
         },
      ],
      trust: 0.6,
   },
}

var-202107-0303
Vulnerability from variot

IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813. IBM Security Verify Access Docker contains an unspecified vulnerability. The vendor has published this vulnerability as IBM X-Force ID: 198813. Information may be obtained, information may be tampered with, and the service may be put into a denial-of-service (DoS) state. The product implements access management control through integrated devices for Web, mobile and cloud computing.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0303",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
         {
            model: "security verify access docker",
            scope: "eq",
            trust: 0.6,
            vendor: "ibm",
            version: "10.0.0",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-51478",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009593",
         },
         {
            db: "NVD",
            id: "CVE-2021-20533",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20533",
         },
      ],
   },
   cve: "CVE-2021-20533",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8,
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "Single",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 6.5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2021-20533",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "ADJACENT_NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 8.3,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 6.5,
                  id: "CNVD-2021-51478",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 7.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.2,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.7,
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 7.2,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-20533",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "High",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-20533",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-20533",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2021-51478",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202107-921",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-20533",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-51478",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20533",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009593",
         },
         {
            db: "NVD",
            id: "CVE-2021-20533",
         },
         {
            db: "NVD",
            id: "CVE-2021-20533",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-921",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813. IBM Security Verify Access Docker contains an unspecified vulnerability. The vendor has published this vulnerability as IBM X-Force ID: 198813. Information may be obtained, information may be tampered with, and the service may be put into a denial-of-service (DoS) state. The product implements access management control through integrated devices for Web, mobile and cloud computing",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20533",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009593",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-51478",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20533",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-20533",
            trust: 3.9,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009593",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2021-51478",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-921",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-20533",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-51478",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20533",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009593",
         },
         {
            db: "NVD",
            id: "CVE-2021-20533",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-921",
         },
      ],
   },
   id: "VAR-202107-0303",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-51478",
         },
      ],
      trust: 1.2093336849999998,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-51478",
         },
      ],
   },
   last_update_date: "2023-12-18T13:07:08.872000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6471895 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            title: "Patch for IBM Security Access Manager command injection vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/279471",
         },
         {
            title: "IBM Security Access Manager Fixes for command injection vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156614",
         },
         {
            title: "CVE-2021-20533",
            trust: 0.1,
            url: "https://github.com/aipocai/cve-2021-20533 ",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-51478",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20533",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009593",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-921",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-noinfo",
            trust: 1,
         },
         {
            problemtype: "Lack of information (CWE-noinfo) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009593",
         },
         {
            db: "NVD",
            id: "CVE-2021-20533",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/198813",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20533",
         },
         {
            trust: 0.6,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/.html",
         },
         {
            trust: 0.1,
            url: "https://github.com/aipocai/cve-2021-20533",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-51478",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20533",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009593",
         },
         {
            db: "NVD",
            id: "CVE-2021-20533",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-921",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2021-51478",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20533",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009593",
         },
         {
            db: "NVD",
            id: "CVE-2021-20533",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-921",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-17T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-51478",
         },
         {
            date: "2021-07-15T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20533",
         },
         {
            date: "2022-05-11T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-009593",
         },
         {
            date: "2021-07-15T18:15:09.037000",
            db: "NVD",
            id: "CVE-2021-20533",
         },
         {
            date: "2021-07-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-921",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-17T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-51478",
         },
         {
            date: "2021-09-29T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20533",
         },
         {
            date: "2022-05-11T07:24:00",
            db: "JVNDB",
            id: "JVNDB-2021-009593",
         },
         {
            date: "2021-09-29T16:11:28.183000",
            db: "NVD",
            id: "CVE-2021-20533",
         },
         {
            date: "2021-07-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-921",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-921",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager command injection vulnerability",
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-51478",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-921",
         },
      ],
      trust: 1.2,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "command injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-921",
         },
      ],
      trust: 0.6,
   },
}

var-202107-0294
Vulnerability from variot

IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972. The vendor has published this vulnerability as IBM X-Force ID: 197972. Information may be obtained.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0294",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009658",
         },
         {
            db: "NVD",
            id: "CVE-2021-20498",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20498",
         },
      ],
   },
   cve: "CVE-2021-20498",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2021-20498",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 3.9,
                  impactScore: 1.4,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 3.9,
                  impactScore: 1.4,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.3,
                  baseSeverity: "Medium",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2021-20498",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-20498",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-20498",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202107-957",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-20498",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20498",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009658",
         },
         {
            db: "NVD",
            id: "CVE-2021-20498",
         },
         {
            db: "NVD",
            id: "CVE-2021-20498",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-957",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972. The vendor has published this vulnerability as IBM X-Force ID: 197972. Information may be obtained.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20498",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009658",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-957",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20498",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-20498",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009658",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-957",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-20498",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20498",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009658",
         },
         {
            db: "NVD",
            id: "CVE-2021-20498",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-957",
         },
      ],
   },
   id: "VAR-202107-0294",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T14:00:08.222000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6471895 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            title: "IBM Security Access Manager Repair measures for log information disclosure vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156646",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009658",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-957",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-200",
            trust: 1,
         },
         {
            problemtype: "information leak (CWE-200) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009658",
         },
         {
            db: "NVD",
            id: "CVE-2021-20498",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/197972",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20498",
         },
         {
            trust: 0.6,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/200.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20498",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009658",
         },
         {
            db: "NVD",
            id: "CVE-2021-20498",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-957",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2021-20498",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009658",
         },
         {
            db: "NVD",
            id: "CVE-2021-20498",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-957",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-15T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20498",
         },
         {
            date: "2022-05-17T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-009658",
         },
         {
            date: "2021-07-15T18:15:08.770000",
            db: "NVD",
            id: "CVE-2021-20498",
         },
         {
            date: "2021-07-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-957",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-21T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20498",
         },
         {
            date: "2022-05-17T02:23:00",
            db: "JVNDB",
            id: "JVNDB-2021-009658",
         },
         {
            date: "2022-07-28T17:04:43.340000",
            db: "NVD",
            id: "CVE-2021-20498",
         },
         {
            date: "2022-04-26T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-957",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-957",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker  Information Disclosure Vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009658",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "information disclosure",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-957",
         },
      ],
      trust: 0.6,
   },
}

var-202402-1514
Vulnerability from variot

IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957. IBM Security Verify Access contains a vulnerability in which important information is transmitted in cleartext. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202402-1514",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "lte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "10.0.0.0  to  10.0.6.1",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025922",
         },
         {
            db: "NVD",
            id: "CVE-2023-32328",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "10.0.6.1",
                        versionStartIncluding: "10.0.0.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-32328",
         },
      ],
   },
   cve: "CVE-2023-32328",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.6,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2023-32328",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2023-32328",
                  trust: 1.8,
                  value: "CRITICAL",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2023-32328",
                  trust: 1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025922",
         },
         {
            db: "NVD",
            id: "CVE-2023-32328",
         },
         {
            db: "NVD",
            id: "CVE-2023-32328",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254957. IBM Security Verify Access contains a vulnerability involving the transmission of important information in clear text. Information may be obtained or tampered with, and the system may be put into a denial-of-service (DoS) state.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-32328",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025922",
         },
      ],
      trust: 1.62,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-32328",
            trust: 2.6,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025922",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025922",
         },
         {
            db: "NVD",
            id: "CVE-2023-32328",
         },
      ],
   },
   id: "VAR-202402-1514",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2024-02-16T22:33:21.305000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "7106586 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025922",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-319",
            trust: 1,
         },
         {
            problemtype: "Sending important information in clear text (CWE-319) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025922",
         },
         {
            db: "NVD",
            id: "CVE-2023-32328",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254657",
         },
         {
            trust: 1,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-32328",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025922",
         },
         {
            db: "NVD",
            id: "CVE-2023-32328",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025922",
         },
         {
            db: "NVD",
            id: "CVE-2023-32328",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-14T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2023-025922",
         },
         {
            date: "2024-02-07T17:15:08.627000",
            db: "NVD",
            id: "CVE-2023-32328",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-14T02:56:00",
            db: "JVNDB",
            id: "JVNDB-2023-025922",
         },
         {
            date: "2024-02-10T04:03:48.223000",
            db: "NVD",
            id: "CVE-2023-32328",
         },
      ],
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Vulnerability in plaintext transmission of important information in IBM Security Verify Access",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025922",
         },
      ],
      trust: 0.8,
   },
}

var-202201-0541
Vulnerability from variot

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067. The vendor has published this vulnerability as IBM X-Force ID: 210067. Information may be obtained. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication. IBM Security Verify has an encryption issue vulnerability that stems from using a weaker-than-expected encryption algorithm that could allow an attacker to decrypt highly sensitive information.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0541",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.2.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.1.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017527",
         },
         {
            db: "NVD",
            id: "CVE-2021-38921",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-38921",
         },
      ],
   },
   cve: "CVE-2021-38921",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2021-38921",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.2,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 7.5,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-38921",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-38921",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-38921",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202201-562",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017527",
         },
         {
            db: "NVD",
            id: "CVE-2021-38921",
         },
         {
            db: "NVD",
            id: "CVE-2021-38921",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-562",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067. The vendor has published this vulnerability as IBM X-Force ID: 210067. Information may be obtained. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication.\nIBM Security Verify has an encryption issue vulnerability that stems from using a weaker-than-expected encryption algorithm that could allow an attacker to decrypt highly sensitive information.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-38921",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-017527",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-562",
         },
      ],
      trust: 2.16,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-38921",
            trust: 3.2,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-017527",
            trust: 0.8,
         },
         {
            db: "CS-HELP",
            id: "SB2022011038",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-562",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017527",
         },
         {
            db: "NVD",
            id: "CVE-2021-38921",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-562",
         },
      ],
   },
   id: "VAR-202201-0541",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T11:18:52.856000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6538418 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6538418",
         },
         {
            title: "IBM Security Verify Fixes for encryption problem vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=178039",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017527",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-562",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-327",
            trust: 1,
         },
         {
            problemtype: "Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017527",
         },
         {
            db: "NVD",
            id: "CVE-2021-38921",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.6,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/210067",
         },
         {
            trust: 1.6,
            url: "https://www.ibm.com/support/pages/node/6538418",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-38921",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2022011038",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017527",
         },
         {
            db: "NVD",
            id: "CVE-2021-38921",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-562",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017527",
         },
         {
            db: "NVD",
            id: "CVE-2021-38921",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-562",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-01-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-017527",
         },
         {
            date: "2022-01-10T14:10:20.527000",
            db: "NVD",
            id: "CVE-2021-38921",
         },
         {
            date: "2022-01-10T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202201-562",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-01-24T06:28:00",
            db: "JVNDB",
            id: "JVNDB-2021-017527",
         },
         {
            date: "2022-01-13T20:22:52.300000",
            db: "NVD",
            id: "CVE-2021-38921",
         },
         {
            date: "2022-03-10T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202201-562",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202201-562",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Vulnerability in the use of cryptographic algorithms in IBM Security Verify",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017527",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "encryption problem",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202201-562",
         },
      ],
      trust: 0.6,
   },
}

var-202402-0322
Vulnerability from variot

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154. The system may be put into a denial-of-service (DoS) state.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202402-0322",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access docker",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access",
            scope: "lte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access docker",
            scope: "lte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.6.1",
         },
         {
            model: "security verify access docker",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "10.0.0.0  to  10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "10.0.0.0  to  10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "docker 10.0.0.0  to  10.0.6.1",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025838",
         },
         {
            db: "NVD",
            id: "CVE-2023-43016",
         },
      ],
   },
   cve: "CVE-2023-43016",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "LOW",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 3.9,
                  impactScore: 3.4,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 2,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "Low",
                  baseScore: 7.3,
                  baseSeverity: "High",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2023-43016",
                  impactScore: null,
                  integrityImpact: "Low",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2023-43016",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2023-43016",
                  trust: 1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025838",
         },
         {
            db: "NVD",
            id: "CVE-2023-43016",
         },
         {
            db: "NVD",
            id: "CVE-2023-43016",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154. The system may be put into a denial-of-service (DoS) state.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-43016",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025838",
         },
         {
            db: "VULMON",
            id: "CVE-2023-43016",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-43016",
            trust: 2.7,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025838",
            trust: 0.8,
         },
         {
            db: "VULMON",
            id: "CVE-2023-43016",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-43016",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025838",
         },
         {
            db: "NVD",
            id: "CVE-2023-43016",
         },
      ],
   },
   id: "VAR-202402-0322",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.609333685,
   },
   last_update_date: "2024-02-10T23:18:32.030000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "7106586 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025838",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-521",
            trust: 1,
         },
         {
            problemtype: "Weak password request (CWE-521) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025838",
         },
         {
            db: "NVD",
            id: "CVE-2023-43016",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.1,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
         {
            trust: 1.1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/266154",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-43016",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-43016",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025838",
         },
         {
            db: "NVD",
            id: "CVE-2023-43016",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2023-43016",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025838",
         },
         {
            db: "NVD",
            id: "CVE-2023-43016",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-03T00:00:00",
            db: "VULMON",
            id: "CVE-2023-43016",
         },
         {
            date: "2024-02-09T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2023-025838",
         },
         {
            date: "2024-02-03T01:15:09.030000",
            db: "NVD",
            id: "CVE-2023-43016",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-05T00:00:00",
            db: "VULMON",
            id: "CVE-2023-43016",
         },
         {
            date: "2024-02-09T01:17:00",
            db: "JVNDB",
            id: "JVNDB-2023-025838",
         },
         {
            date: "2024-02-07T14:43:52.090000",
            db: "NVD",
            id: "CVE-2023-43016",
         },
      ],
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Weak password requirements vulnerability in IBM Security Verify Access and Security Verify Access Docker",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025838",
         },
      ],
      trust: 0.8,
   },
}

var-202107-0300
Vulnerability from variot

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300. The vendor has published this vulnerability as IBM X-Force ID: 198300. Information may be obtained.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0300",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009590",
         },
         {
            db: "NVD",
            id: "CVE-2021-20511",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20511",
         },
      ],
   },
   cve: "CVE-2021-20511",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 6.8,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 8,
                  impactScore: 6.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:S/C:C/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "Single",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 6.8,
                  confidentialityImpact: "Complete",
                  exploitabilityScore: null,
                  id: "CVE-2021-20511",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:S/C:C/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.2,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 5.2,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 0.9,
                  impactScore: 4.2,
                  integrityImpact: "LOW",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4.9,
                  baseSeverity: "Medium",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-20511",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "High",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-20511",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-20511",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202107-912",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-20511",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20511",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009590",
         },
         {
            db: "NVD",
            id: "CVE-2021-20511",
         },
         {
            db: "NVD",
            id: "CVE-2021-20511",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-912",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300. The vendor has published this vulnerability as IBM X-Force ID: 198300. Information may be obtained.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20511",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009590",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20511",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-20511",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009590",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-912",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-20511",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20511",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009590",
         },
         {
            db: "NVD",
            id: "CVE-2021-20511",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-912",
         },
      ],
   },
   id: "VAR-202107-0300",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T13:12:27.324000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6471895 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            title: "IBM Security Access Manager Repair measures for path traversal vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156605",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009590",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-912",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-22",
            trust: 1,
         },
         {
            problemtype: "Path traversal (CWE-22) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009590",
         },
         {
            db: "NVD",
            id: "CVE-2021-20511",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/198300",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20511",
         },
         {
            trust: 0.6,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/22.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20511",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009590",
         },
         {
            db: "NVD",
            id: "CVE-2021-20511",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-912",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2021-20511",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009590",
         },
         {
            db: "NVD",
            id: "CVE-2021-20511",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-912",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-15T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20511",
         },
         {
            date: "2022-05-11T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-009590",
         },
         {
            date: "2021-07-15T18:15:08.917000",
            db: "NVD",
            id: "CVE-2021-20511",
         },
         {
            date: "2021-07-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-912",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-09-29T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20511",
         },
         {
            date: "2022-05-11T07:24:00",
            db: "JVNDB",
            id: "JVNDB-2021-009590",
         },
         {
            date: "2021-09-29T15:39:43.003000",
            db: "NVD",
            id: "CVE-2021-20511",
         },
         {
            date: "2021-07-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-912",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-912",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker  Traversal Vulnerability in Japan",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009590",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "path traversal",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-912",
         },
      ],
      trust: 0.6,
   },
}

var-202106-0517
Vulnerability from variot

IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398. The vendor has published this vulnerability as IBM X-Force ID: 199398. Information may be obtained. The service uses risk-based access, single sign-on, integrated access management control, identity federation, and mobile multi-factor authentication to achieve safe and simple access to platforms such as web, mobile, IoT, and cloud technologies. There is an information disclosure vulnerability in IBM Security Verify Access version 20.07.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202106-0517",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 2.4,
            vendor: "ibm",
            version: "20.07",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-39691",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-001976",
         },
         {
            db: "NVD",
            id: "CVE-2021-20585",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:20.07:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20585",
         },
      ],
   },
   cve: "CVE-2021-20585",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2021-20585",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CNVD-2021-39691",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 3.9,
                  impactScore: 1.4,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 3.9,
                  impactScore: 1.4,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.3,
                  baseSeverity: "Medium",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2021-20585",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-20585",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-20585",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2021-39691",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202106-035",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-20585",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-39691",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20585",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-001976",
         },
         {
            db: "NVD",
            id: "CVE-2021-20585",
         },
         {
            db: "NVD",
            id: "CVE-2021-20585",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202106-035",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398. Vendor is responsible for this vulnerability IBM X-Force ID: 199398 Is published as.Information may be obtained. The service uses risk-based access, single sign-on, integrated access management control, identity federation, and mobile multi-factor authentication to achieve safe and simple access to platforms such as web, mobile, IoT, and cloud technologies\nThere is an information disclosure vulnerability in the IBM Security Verify Access 20.07 version",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20585",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-001976",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-39691",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202106-035",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20585",
         },
      ],
      trust: 2.79,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-20585",
            trust: 3.1,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-001976",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2021-39691",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202106-035",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-20585",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-39691",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20585",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-001976",
         },
         {
            db: "NVD",
            id: "CVE-2021-20585",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202106-035",
         },
      ],
   },
   id: "VAR-202106-0517",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-39691",
         },
      ],
      trust: 0.81866737,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "IoT",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-39691",
         },
      ],
   },
   last_update_date: "2023-12-18T13:47:04.902000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6457315 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6457315",
         },
         {
            title: "Patch for IBM Security Verify Access information disclosure vulnerability (CNVD-2021-39691)",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/270206",
         },
         {
            title: "IBM Security Verify Access Repair measures for information disclosure vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=152868",
         },
         {
            title: "CVE-2021-20585",
            trust: 0.1,
            url: "https://github.com/jamesgeeee/cve-2021-20585 ",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-39691",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20585",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-001976",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202106-035",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-200",
            trust: 1,
         },
         {
            problemtype: "information leak (CWE-200) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-001976",
         },
         {
            db: "NVD",
            id: "CVE-2021-20585",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199398",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6457315",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20585",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/200.html",
         },
         {
            trust: 0.1,
            url: "https://github.com/jamesgeeee/cve-2021-20585",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-39691",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20585",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-001976",
         },
         {
            db: "NVD",
            id: "CVE-2021-20585",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202106-035",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2021-39691",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20585",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-001976",
         },
         {
            db: "NVD",
            id: "CVE-2021-20585",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202106-035",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-06-05T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-39691",
         },
         {
            date: "2021-06-01T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20585",
         },
         {
            date: "2021-07-06T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-001976",
         },
         {
            date: "2021-06-01T14:15:08.663000",
            db: "NVD",
            id: "CVE-2021-20585",
         },
         {
            date: "2021-06-01T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202106-035",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-06-05T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-39691",
         },
         {
            date: "2021-06-04T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20585",
         },
         {
            date: "2021-07-06T08:12:00",
            db: "JVNDB",
            id: "JVNDB-2021-001976",
         },
         {
            date: "2021-06-04T18:49:12.977000",
            db: "NVD",
            id: "CVE-2021-20585",
         },
         {
            date: "2021-06-07T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202106-035",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202106-035",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access  Information Disclosure Vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-001976",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "information disclosure",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202106-035",
         },
      ],
      trust: 0.6,
   },
}

var-202402-1982
Vulnerability from variot

IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977. The affected system may be put into a denial-of-service (DoS) state.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202402-1982",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "lte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "10.0.0.0  to  10.0.6.1",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025923",
         },
         {
            db: "NVD",
            id: "CVE-2023-32330",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "10.0.6.1",
                        versionStartIncluding: "10.0.0.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-32330",
         },
      ],
   },
   cve: "CVE-2023-32330",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.6,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2023-32330",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2023-32330",
                  trust: 1.8,
                  value: "CRITICAL",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2023-32330",
                  trust: 1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025923",
         },
         {
            db: "NVD",
            id: "CVE-2023-32330",
         },
         {
            db: "NVD",
            id: "CVE-2023-32330",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977. The affected system may be put into a denial-of-service (DoS) state.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-32330",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025923",
         },
      ],
      trust: 1.62,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-32330",
            trust: 2.6,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025923",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025923",
         },
         {
            db: "NVD",
            id: "CVE-2023-32330",
         },
      ],
   },
   id: "VAR-202402-1982",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2024-02-20T23:28:21.145000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "7106586 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025923",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-295",
            trust: 1,
         },
         {
            problemtype: "Improper certificate validation (CWE-295) [NVD evaluation]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025923",
         },
         {
            db: "NVD",
            id: "CVE-2023-32330",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254977",
         },
         {
            trust: 1,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-32330",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025923",
         },
         {
            db: "NVD",
            id: "CVE-2023-32330",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025923",
         },
         {
            db: "NVD",
            id: "CVE-2023-32330",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-14T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2023-025923",
         },
         {
            date: "2024-02-07T17:15:08.847000",
            db: "NVD",
            id: "CVE-2023-32330",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-14T02:56:00",
            db: "JVNDB",
            id: "JVNDB-2023-025923",
         },
         {
            date: "2024-02-10T04:01:19.780000",
            db: "NVD",
            id: "CVE-2023-32330",
         },
      ],
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Certificate validation vulnerabilities in IBM Security Verify Access",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025923",
         },
      ],
      trust: 0.8,
   },
}

var-202207-0454
Vulnerability from variot

IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082. The vendor has published this vulnerability as IBM X-Force ID: 225082. Information may be obtained or tampered with, and service operation may be interrupted (DoS).



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0454",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.3.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.2.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.1.0",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015272",
         },
         {
            db: "NVD",
            id: "CVE-2022-22465",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.3.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-22465",
         },
      ],
   },
   cve: "CVE-2022-22465",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.6,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 3.9,
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Local",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 4.6,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2022-22465",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.8,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1,
                  impactScore: 5.2,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 7.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-22465",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-22465",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2022-22465",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202207-644",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2022-22465",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-22465",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015272",
         },
         {
            db: "NVD",
            id: "CVE-2022-22465",
         },
         {
            db: "NVD",
            id: "CVE-2022-22465",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-644",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082. The vendor has published this vulnerability as IBM X-Force ID: 225082. Information may be obtained or tampered with, and service operation may be interrupted (DoS).",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-22465",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015272",
         },
         {
            db: "VULMON",
            id: "CVE-2022-22465",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-22465",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015272",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-644",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-22465",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-22465",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015272",
         },
         {
            db: "NVD",
            id: "CVE-2022-22465",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-644",
         },
      ],
   },
   id: "VAR-202207-0454",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T13:55:23.167000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6601729 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6601729",
         },
         {
            title: "IBM Security Access Manager Appliance Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=200242",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015272",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-644",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-noinfo",
            trust: 1,
         },
         {
            problemtype: "Lack of information (CWE-noinfo) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015272",
         },
         {
            db: "NVD",
            id: "CVE-2022-22465",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6601729",
         },
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225082",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22465",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-22465/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-22465",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015272",
         },
         {
            db: "NVD",
            id: "CVE-2022-22465",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-644",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2022-22465",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015272",
         },
         {
            db: "NVD",
            id: "CVE-2022-22465",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-644",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-07-08T00:00:00",
            db: "VULMON",
            id: "CVE-2022-22465",
         },
         {
            date: "2023-09-26T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-015272",
         },
         {
            date: "2022-07-08T18:15:09.667000",
            db: "NVD",
            id: "CVE-2022-22465",
         },
         {
            date: "2022-07-08T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202207-644",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-07-16T00:00:00",
            db: "VULMON",
            id: "CVE-2022-22465",
         },
         {
            date: "2023-09-26T06:58:00",
            db: "JVNDB",
            id: "JVNDB-2022-015272",
         },
         {
            date: "2022-07-16T01:24:18.297000",
            db: "NVD",
            id: "CVE-2022-22465",
         },
         {
            date: "2022-07-18T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202207-644",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202207-644",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Vulnerability in IBM Security Access Manager Appliance",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015272",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202207-644",
         },
      ],
      trust: 0.6,
   },
}

var-202107-0292
Vulnerability from variot

IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966. The vendor has published this vulnerability as IBM X-Force ID: 197966. Information may be tampered with.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0292",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009656",
         },
         {
            db: "NVD",
            id: "CVE-2021-20496",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20496",
         },
      ],
   },
   cve: "CVE-2021-20496",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8,
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "Single",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2021-20496",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 1.2,
                  impactScore: 3.6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 2.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 1.2,
                  impactScore: 1.4,
                  integrityImpact: "LOW",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4.9,
                  baseSeverity: "Medium",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2021-20496",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "High",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-20496",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-20496",
                  trust: 1,
                  value: "LOW",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202107-914",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-20496",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20496",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009656",
         },
         {
            db: "NVD",
            id: "CVE-2021-20496",
         },
         {
            db: "NVD",
            id: "CVE-2021-20496",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-914",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966. The vendor has published this vulnerability as IBM X-Force ID: 197966. Information may be tampered with.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20496",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009656",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20496",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-20496",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009656",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-914",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-20496",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20496",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009656",
         },
         {
            db: "NVD",
            id: "CVE-2021-20496",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-914",
         },
      ],
   },
   id: "VAR-202107-0292",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T11:57:20.494000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6471895 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            title: "IBM Security Access Manager Fixes for permissions and access control issues vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156607",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009656",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-914",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-20",
            trust: 1,
         },
         {
            problemtype: "Incorrect input confirmation (CWE-20) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009656",
         },
         {
            db: "NVD",
            id: "CVE-2021-20496",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/197966",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20496",
         },
         {
            trust: 0.6,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/20.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20496",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009656",
         },
         {
            db: "NVD",
            id: "CVE-2021-20496",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-914",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2021-20496",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009656",
         },
         {
            db: "NVD",
            id: "CVE-2021-20496",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-914",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-15T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20496",
         },
         {
            date: "2022-05-17T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-009656",
         },
         {
            date: "2021-07-15T18:15:08.693000",
            db: "NVD",
            id: "CVE-2021-20496",
         },
         {
            date: "2021-07-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-914",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-09-29T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20496",
         },
         {
            date: "2022-05-17T02:23:00",
            db: "JVNDB",
            id: "JVNDB-2021-009656",
         },
         {
            date: "2021-09-29T15:37:38.420000",
            db: "NVD",
            id: "CVE-2021-20496",
         },
         {
            date: "2021-07-26T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-914",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-914",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker  Input confirmation vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009656",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "input validation error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-914",
         },
      ],
      trust: 0.6,
   },
}

var-202107-0299
Vulnerability from variot

IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299. The vendor has published this vulnerability as IBM X-Force ID: 198299. Information may be obtained.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0299",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009589",
         },
         {
            db: "NVD",
            id: "CVE-2021-20510",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20510",
         },
      ],
   },
   cve: "CVE-2021-20510",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 2.1,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 3.9,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "LOW",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Local",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 2.1,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2021-20510",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Low",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 0.8,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.3,
                  impactScore: 4,
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4.4,
                  baseSeverity: "Medium",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-20510",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "High",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-20510",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-20510",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202107-930",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-20510",
                  trust: 0.1,
                  value: "LOW",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20510",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009589",
         },
         {
            db: "NVD",
            id: "CVE-2021-20510",
         },
         {
            db: "NVD",
            id: "CVE-2021-20510",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-930",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299. The vendor has published this vulnerability as IBM X-Force ID: 198299. Information may be obtained.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20510",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009589",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20510",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-20510",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009589",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-930",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-20510",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20510",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009589",
         },
         {
            db: "NVD",
            id: "CVE-2021-20510",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-930",
         },
      ],
   },
   id: "VAR-202107-0299",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T13:17:49.776000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6471895 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            title: "IBM Security Access Manager Fixes for permissions and access control issues vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156623",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009589",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-930",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-312",
            trust: 1,
         },
         {
            problemtype: "Plaintext storage of important information (CWE-312) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009589",
         },
         {
            db: "NVD",
            id: "CVE-2021-20510",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/198299",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20510",
         },
         {
            trust: 0.6,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/312.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20510",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009589",
         },
         {
            db: "NVD",
            id: "CVE-2021-20510",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-930",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2021-20510",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009589",
         },
         {
            db: "NVD",
            id: "CVE-2021-20510",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-930",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-15T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20510",
         },
         {
            date: "2022-05-11T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-009589",
         },
         {
            date: "2021-07-15T18:15:08.880000",
            db: "NVD",
            id: "CVE-2021-20510",
         },
         {
            date: "2021-07-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-930",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-20T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20510",
         },
         {
            date: "2022-05-11T07:24:00",
            db: "JVNDB",
            id: "JVNDB-2021-009589",
         },
         {
            date: "2021-09-29T15:40:27.307000",
            db: "NVD",
            id: "CVE-2021-20510",
         },
         {
            date: "2021-07-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-930",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-930",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker  Vulnerability of important information in plaintext",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009589",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "permissions and access control issues",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-930",
         },
      ],
      trust: 0.6,
   },
}

var-202201-0359
Vulnerability from variot

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038. The vendor has published this vulnerability as IBM X-Force ID: 212038. Information may be obtained. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication. IBM Security Verify has an information disclosure vulnerability that stems from the possible disclosure of sensitive version information in HTTP response headers, which could facilitate further attacks on the system.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0359",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.2.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.1.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017523",
         },
         {
            db: "NVD",
            id: "CVE-2021-38956",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-38956",
         },
      ],
   },
   cve: "CVE-2021-38956",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2021-38956",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 3.9,
                  impactScore: 1.4,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 3.9,
                  impactScore: 1.4,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.3,
                  baseSeverity: "Medium",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2021-38956",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-38956",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-38956",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202201-559",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017523",
         },
         {
            db: "NVD",
            id: "CVE-2021-38956",
         },
         {
            db: "NVD",
            id: "CVE-2021-38956",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-559",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038. Vendor exploits this vulnerability IBM X-Force ID: 212038 It is published as.Information may be obtained. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication\nIBM Security Verify has an information disclosure vulnerability that stems from the possible disclosure of sensitive version information in HTTP response headers, which could facilitate further attacks on the system",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-38956",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-017523",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-559",
         },
      ],
      trust: 2.16,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-38956",
            trust: 3.2,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-017523",
            trust: 0.8,
         },
         {
            db: "CS-HELP",
            id: "SB2022011038",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-559",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017523",
         },
         {
            db: "NVD",
            id: "CVE-2021-38956",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-559",
         },
      ],
   },
   id: "VAR-202201-0359",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T10:52:14.086000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6538418 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6538418",
         },
         {
            title: "IBM Security Verify Repair measures for information disclosure vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=177311",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017523",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-559",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-200",
            trust: 1,
         },
         {
            problemtype: "information leak (CWE-200) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017523",
         },
         {
            db: "NVD",
            id: "CVE-2021-38956",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.6,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/212038",
         },
         {
            trust: 1.6,
            url: "https://www.ibm.com/support/pages/node/6538418",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-38956",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2022011038",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017523",
         },
         {
            db: "NVD",
            id: "CVE-2021-38956",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-559",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017523",
         },
         {
            db: "NVD",
            id: "CVE-2021-38956",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-559",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-01-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-017523",
         },
         {
            date: "2022-01-10T14:10:20.593000",
            db: "NVD",
            id: "CVE-2021-38956",
         },
         {
            date: "2022-01-10T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202201-559",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-01-24T06:14:00",
            db: "JVNDB",
            id: "JVNDB-2021-017523",
         },
         {
            date: "2022-01-13T20:34:22.247000",
            db: "NVD",
            id: "CVE-2021-38956",
         },
         {
            date: "2022-03-10T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202201-559",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202201-559",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify  Vulnerability regarding information leakage in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017523",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "information disclosure",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202201-559",
         },
      ],
      trust: 0.6,
   },
}

var-202402-0149
Vulnerability from variot

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force ID: 254972



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202402-0149",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access docker",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access",
            scope: "lte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access docker",
            scope: "lte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.6.1",
         },
         {
            model: "security verify access docker",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "10.0.0.0  to  10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "10.0.0.0  to  10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "docker 10.0.0.0  to  10.0.6.1",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025839",
         },
         {
            db: "NVD",
            id: "CVE-2023-32329",
         },
      ],
   },
   cve: "CVE-2023-32329",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 1.8,
                  impactScore: 3.6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 6.2,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 2.5,
                  impactScore: 3.6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.5,
                  baseSeverity: "Medium",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2023-32329",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2023-32329",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2023-32329",
                  trust: 1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025839",
         },
         {
            db: "NVD",
            id: "CVE-2023-32329",
         },
         {
            db: "NVD",
            id: "CVE-2023-32329",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation.  IBM X-Force ID:  254972",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-32329",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025839",
         },
         {
            db: "VULMON",
            id: "CVE-2023-32329",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-32329",
            trust: 2.7,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025839",
            trust: 0.8,
         },
         {
            db: "VULMON",
            id: "CVE-2023-32329",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-32329",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025839",
         },
         {
            db: "NVD",
            id: "CVE-2023-32329",
         },
      ],
   },
   id: "VAR-202402-0149",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.609333685,
   },
   last_update_date: "2024-02-10T23:16:31.636000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "7106586 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025839",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-345",
            trust: 1,
         },
         {
            problemtype: "Inadequate verification of data reliability (CWE-345) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025839",
         },
         {
            db: "NVD",
            id: "CVE-2023-32329",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.1,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
         {
            trust: 1.1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254972",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-32329",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/345.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-32329",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025839",
         },
         {
            db: "NVD",
            id: "CVE-2023-32329",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2023-32329",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025839",
         },
         {
            db: "NVD",
            id: "CVE-2023-32329",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-03T00:00:00",
            db: "VULMON",
            id: "CVE-2023-32329",
         },
         {
            date: "2024-02-09T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2023-025839",
         },
         {
            date: "2024-02-03T01:15:08.847000",
            db: "NVD",
            id: "CVE-2023-32329",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-05T00:00:00",
            db: "VULMON",
            id: "CVE-2023-32329",
         },
         {
            date: "2024-02-09T01:21:00",
            db: "JVNDB",
            id: "JVNDB-2023-025839",
         },
         {
            date: "2024-02-07T14:58:45.913000",
            db: "NVD",
            id: "CVE-2023-32329",
         },
      ],
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Inadequate validation of data reliability in IBM Security Verify Access and Security Verify Access Docker",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025839",
         },
      ],
      trust: 0.8,
   },
}

var-202107-0304
Vulnerability from variot

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814. The vendor has published this vulnerability as IBM X-Force ID: 198814. Information may be obtained and tampered with.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0304",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009594",
         },
         {
            db: "NVD",
            id: "CVE-2021-20534",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20534",
         },
      ],
   },
   cve: "CVE-2021-20534",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.9,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 6.8,
                  impactScore: 4.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: true,
                  vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "Single",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4.9,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2021-20534",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 3.5,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 0.9,
                  impactScore: 2.5,
                  integrityImpact: "LOW",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 4.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 0.9,
                  impactScore: 3.6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 3.5,
                  baseSeverity: "Low",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2021-20534",
                  impactScore: null,
                  integrityImpact: "Low",
                  privilegesRequired: "High",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-20534",
                  trust: 1.8,
                  value: "LOW",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-20534",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202107-941",
                  trust: 0.6,
                  value: "LOW",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-20534",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20534",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009594",
         },
         {
            db: "NVD",
            id: "CVE-2021-20534",
         },
         {
            db: "NVD",
            id: "CVE-2021-20534",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-941",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814. The vendor has published this vulnerability as IBM X-Force ID: 198814. Information may be obtained and tampered with.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20534",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009594",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20534",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-20534",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009594",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-941",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-20534",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20534",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009594",
         },
         {
            db: "NVD",
            id: "CVE-2021-20534",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-941",
         },
      ],
   },
   id: "VAR-202107-0304",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T13:51:31.097000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6471895 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            title: "IBM Security Access Manager Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156634",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009594",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-941",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-601",
            trust: 1,
         },
         {
            problemtype: "Open redirect (CWE-601) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009594",
         },
         {
            db: "NVD",
            id: "CVE-2021-20534",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/198814",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20534",
         },
         {
            trust: 0.6,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/601.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20534",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009594",
         },
         {
            db: "NVD",
            id: "CVE-2021-20534",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-941",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2021-20534",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009594",
         },
         {
            db: "NVD",
            id: "CVE-2021-20534",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-941",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-15T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20534",
         },
         {
            date: "2022-05-11T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-009594",
         },
         {
            date: "2021-07-15T18:15:09.073000",
            db: "NVD",
            id: "CVE-2021-20534",
         },
         {
            date: "2021-07-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-941",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-20T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20534",
         },
         {
            date: "2022-05-11T07:24:00",
            db: "JVNDB",
            id: "JVNDB-2021-009594",
         },
         {
            date: "2021-09-29T16:11:43.950000",
            db: "NVD",
            id: "CVE-2021-20534",
         },
         {
            date: "2021-07-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-941",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-941",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker  Open redirect vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009594",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "input validation error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-941",
         },
      ],
      trust: 0.6,
   },
}

var-202402-0122
Vulnerability from variot

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to denial of service attacks on the DSC server. IBM X-Force ID: 254776



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202402-0122",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access docker",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access docker",
            scope: "lte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "lte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.6.1",
         },
         {
            model: "security verify access docker",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "10.0.0.0  to  10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "10.0.0.0  to  10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "docker 10.0.0.0  to  10.0.6.1",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025842",
         },
         {
            db: "NVD",
            id: "CVE-2023-31006",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "10.0.6.1",
                        versionStartIncluding: "10.0.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access_docker:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "10.0.6.1",
                        versionStartIncluding: "10.0.0.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-31006",
         },
      ],
   },
   cve: "CVE-2023-31006",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 3.9,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "HIGH",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 2.8,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 7.5,
                  baseSeverity: "High",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2023-31006",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2023-31006",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2023-31006",
                  trust: 1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025842",
         },
         {
            db: "NVD",
            id: "CVE-2023-31006",
         },
         {
            db: "NVD",
            id: "CVE-2023-31006",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to denial of service attacks on the DSC server. IBM X-Force ID: 254776",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-31006",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025842",
         },
         {
            db: "VULMON",
            id: "CVE-2023-31006",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-31006",
            trust: 2.7,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025842",
            trust: 0.8,
         },
         {
            db: "VULMON",
            id: "CVE-2023-31006",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-31006",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025842",
         },
         {
            db: "NVD",
            id: "CVE-2023-31006",
         },
      ],
   },
   id: "VAR-202402-0122",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.609333685,
   },
   last_update_date: "2024-02-10T23:09:20.840000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "7106586 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025842",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-noinfo",
            trust: 1,
         },
         {
            problemtype: "Lack of information (CWE-noinfo) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025842",
         },
         {
            db: "NVD",
            id: "CVE-2023-31006",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.1,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
         {
            trust: 1.1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254776",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-31006",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/400.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-31006",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025842",
         },
         {
            db: "NVD",
            id: "CVE-2023-31006",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2023-31006",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025842",
         },
         {
            db: "NVD",
            id: "CVE-2023-31006",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-03T00:00:00",
            db: "VULMON",
            id: "CVE-2023-31006",
         },
         {
            date: "2024-02-09T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2023-025842",
         },
         {
            date: "2024-02-03T01:15:08.467000",
            db: "NVD",
            id: "CVE-2023-31006",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-05T00:00:00",
            db: "VULMON",
            id: "CVE-2023-31006",
         },
         {
            date: "2024-02-09T02:09:00",
            db: "JVNDB",
            id: "JVNDB-2023-025842",
         },
         {
            date: "2024-02-07T16:39:47.010000",
            db: "NVD",
            id: "CVE-2023-31006",
         },
      ],
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Vulnerability in IBM Security Verify Access and Security Verify Access Docker",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025842",
         },
      ],
      trust: 0.8,
   },
}

var-202201-0293
Vulnerability from variot

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515. The vendor has published this vulnerability as IBM X-Force ID: 209515. Information may be obtained. IBM Security Verify Access (ISAM) is a service provided by IBM in the United States to improve user access security.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0293",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.2.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.1.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017525",
         },
         {
            db: "NVD",
            id: "CVE-2021-38894",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-38894",
         },
      ],
   },
   cve: "CVE-2021-38894",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "Single",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2021-38894",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 2.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 1.2,
                  impactScore: 1.4,
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 2.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 1.2,
                  impactScore: 1.4,
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 2.7,
                  baseSeverity: "Low",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2021-38894",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "High",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-38894",
                  trust: 1.8,
                  value: "LOW",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-38894",
                  trust: 1,
                  value: "LOW",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202201-563",
                  trust: 0.6,
                  value: "LOW",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017525",
         },
         {
            db: "NVD",
            id: "CVE-2021-38894",
         },
         {
            db: "NVD",
            id: "CVE-2021-38894",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-563",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515. The vendor has published this vulnerability as IBM X-Force ID: 209515. Information may be obtained. IBM Security Verify Access (ISAM) is a service provided by IBM in the United States to improve user access security.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-38894",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-017525",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-563",
         },
      ],
      trust: 2.16,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-38894",
            trust: 3.2,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-017525",
            trust: 0.8,
         },
         {
            db: "CS-HELP",
            id: "SB2022011038",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-563",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017525",
         },
         {
            db: "NVD",
            id: "CVE-2021-38894",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-563",
         },
      ],
   },
   id: "VAR-202201-0293",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T10:55:42.733000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6538418 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6538418",
         },
         {
            title: "IBM Security Verify Repair measures for information disclosure vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=178040",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017525",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-563",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-209",
            trust: 1,
         },
         {
            problemtype: "Information leakage due to error message (CWE-209) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017525",
         },
         {
            db: "NVD",
            id: "CVE-2021-38894",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.6,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209515",
         },
         {
            trust: 1.6,
            url: "https://www.ibm.com/support/pages/node/6538418",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-38894",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2022011038",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017525",
         },
         {
            db: "NVD",
            id: "CVE-2021-38894",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-563",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017525",
         },
         {
            db: "NVD",
            id: "CVE-2021-38894",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-563",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-01-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-017525",
         },
         {
            date: "2022-01-10T14:10:20.410000",
            db: "NVD",
            id: "CVE-2021-38894",
         },
         {
            date: "2022-01-10T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202201-563",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-01-24T06:24:00",
            db: "JVNDB",
            id: "JVNDB-2021-017525",
         },
         {
            date: "2022-01-13T20:14:23.457000",
            db: "NVD",
            id: "CVE-2021-38894",
         },
         {
            date: "2022-03-10T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202201-563",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202201-563",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify  Vulnerability regarding information leakage due to error messages in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017525",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "information disclosure",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202201-563",
         },
      ],
      trust: 0.6,
   },
}

var-202010-1451
Vulnerability from variot

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side-channel attacks, which could aid in further attacks against the system. IBM X-Force ID: 186947. The vendor has published this vulnerability as IBM X-Force ID: 186947. Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1451",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 2.4,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security access manager",
            scope: "eq",
            trust: 1,
            vendor: "ibm",
            version: "9.0.7.0",
         },
         {
            model: "security access manager",
            scope: null,
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
         {
            model: "security access manager",
            scope: "eq",
            trust: 0.6,
            vendor: "ibm",
            version: "9.0.7",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012246",
         },
         {
            db: "NVD",
            id: "CVE-2020-4699",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_access_manager:9.0.7.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-4699",
         },
      ],
   },
   cve: "CVE-2020-4699",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "ADJACENT_NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 2.9,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 5.5,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "LOW",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Adjacent Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 2.9,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2020-4699",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Low",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "ADJACENT_NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 2.9,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 5.5,
                  id: "CNVD-2020-59035",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "LOW",
                  trust: 0.6,
                  vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.6,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.6,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "High",
                  attackVector: "Adjacent Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.3,
                  baseSeverity: "Medium",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2020-4699",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2020-4699",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2020-4699",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2020-59035",
                  trust: 0.6,
                  value: "LOW",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202010-351",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2020-4699",
                  trust: 0.1,
                  value: "LOW",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
         {
            db: "VULMON",
            id: "CVE-2020-4699",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012246",
         },
         {
            db: "NVD",
            id: "CVE-2020-4699",
         },
         {
            db: "NVD",
            id: "CVE-2020-4699",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-351",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947. Vendor exploits this vulnerability IBM X-Force ID: 186947 Is published as.Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-4699",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012246",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-351",
         },
         {
            db: "VULMON",
            id: "CVE-2020-4699",
         },
      ],
      trust: 2.79,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-4699",
            trust: 3.1,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012246",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59035",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.3499",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-351",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2020-4699",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
         {
            db: "VULMON",
            id: "CVE-2020-4699",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012246",
         },
         {
            db: "NVD",
            id: "CVE-2020-4699",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-351",
         },
      ],
   },
   id: "VAR-202010-1451",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
      ],
      trust: 0.81866737,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "IoT",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
      ],
   },
   last_update_date: "2023-12-18T12:16:47.979000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6346619 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6346619",
         },
         {
            title: "Patch for IBM Security Access Manager and IBM Security Verify Access information disclosure vulnerabilities",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/237688",
         },
         {
            title: "IBM Security Verify Access  and  IBM Security Access Manager Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=130221",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012246",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-351",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-203",
            trust: 1,
         },
         {
            problemtype: "Information leakage due to difference in response to security-related processing (CWE-203) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-012246",
         },
         {
            db: "NVD",
            id: "CVE-2020-4699",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.8,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186947",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6346619",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-4699",
         },
         {
            trust: 1.2,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-access-manager-and-ibm-security-verify-access-cve-2020-4661-cve-2020-4699-cve-2020-4660/",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.3499/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/203.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
         {
            db: "VULMON",
            id: "CVE-2020-4699",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012246",
         },
         {
            db: "NVD",
            id: "CVE-2020-4699",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-351",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
         {
            db: "VULMON",
            id: "CVE-2020-4699",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012246",
         },
         {
            db: "NVD",
            id: "CVE-2020-4699",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-351",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-10-27T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
         {
            date: "2020-10-12T00:00:00",
            db: "VULMON",
            id: "CVE-2020-4699",
         },
         {
            date: "2021-04-27T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-012246",
         },
         {
            date: "2020-10-12T13:15:12.570000",
            db: "NVD",
            id: "CVE-2020-4699",
         },
         {
            date: "2020-10-09T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202010-351",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-10-27T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
         {
            date: "2020-10-19T00:00:00",
            db: "VULMON",
            id: "CVE-2020-4699",
         },
         {
            date: "2021-04-27T09:04:00",
            db: "JVNDB",
            id: "JVNDB-2020-012246",
         },
         {
            date: "2020-10-19T15:05:31.833000",
            db: "NVD",
            id: "CVE-2020-4699",
         },
         {
            date: "2020-10-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202010-351",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote or local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202010-351",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager  and  IBM Security Verify Access  Vulnerability regarding information leakage due to difference in response to security-related processing",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-012246",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202010-351",
         },
      ],
      trust: 0.6,
   },
}

var-202207-0369
Vulnerability from variot

IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081. The vendor has published this vulnerability as IBM X-Force ID: 225081. Information may be obtained.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0369",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.3.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.2.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.1.0",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015277",
         },
         {
            db: "NVD",
            id: "CVE-2022-22464",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.3.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-22464",
         },
      ],
   },
   cve: "CVE-2022-22464",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2022-22464",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.2,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 7.5,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-22464",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-22464",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2022-22464",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202207-645",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2022-22464",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-22464",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015277",
         },
         {
            db: "NVD",
            id: "CVE-2022-22464",
         },
         {
            db: "NVD",
            id: "CVE-2022-22464",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-645",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081. The vendor has published this vulnerability as IBM X-Force ID: 225081. Information may be obtained.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-22464",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015277",
         },
         {
            db: "VULMON",
            id: "CVE-2022-22464",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-22464",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015277",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-645",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-22464",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-22464",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015277",
         },
         {
            db: "NVD",
            id: "CVE-2022-22464",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-645",
         },
      ],
   },
   id: "VAR-202207-0369",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T13:11:57.758000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6601729 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6601729",
         },
         {
            title: "IBM Security Access Manager Appliance Fixes for encryption problem vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=200243",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015277",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-645",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-326",
            trust: 1,
         },
         {
            problemtype: "Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015277",
         },
         {
            db: "NVD",
            id: "CVE-2022-22464",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6601729",
         },
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225081",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22464",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-22464/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/326.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-22464",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015277",
         },
         {
            db: "NVD",
            id: "CVE-2022-22464",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-645",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2022-22464",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015277",
         },
         {
            db: "NVD",
            id: "CVE-2022-22464",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-645",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-07-08T00:00:00",
            db: "VULMON",
            id: "CVE-2022-22464",
         },
         {
            date: "2023-09-26T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-015277",
         },
         {
            date: "2022-07-08T18:15:09.620000",
            db: "NVD",
            id: "CVE-2022-22464",
         },
         {
            date: "2022-07-08T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202207-645",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-07-16T00:00:00",
            db: "VULMON",
            id: "CVE-2022-22464",
         },
         {
            date: "2023-09-26T07:04:00",
            db: "JVNDB",
            id: "JVNDB-2022-015277",
         },
         {
            date: "2022-07-16T01:22:30.297000",
            db: "NVD",
            id: "CVE-2022-22464",
         },
         {
            date: "2022-07-19T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202207-645",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202207-645",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Cryptographic strength vulnerabilities in IBM Security Access Manager Appliance",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015277",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "encryption problem",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202207-645",
         },
      ],
      trust: 0.6,
   },
}

var-202106-1008
Vulnerability from variot

IBM Security Verify Access 20.07 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking, which could allow a local attacker to execute arbitrary code on the system with elevated privileges. IBM Security Verify Access is vulnerable to an out-of-bounds write. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. The service uses risk-based access, single sign-on, integrated access management control, identity federation, and mobile multi-factor authentication to achieve safe and simple access to platforms such as web, mobile, IoT, and cloud technologies.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1008",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 2.4,
            vendor: "ibm",
            version: "20.07",
         },
         {
            model: "security verify access",
            scope: null,
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-38675",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-007391",
         },
         {
            db: "NVD",
            id: "CVE-2021-29665",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:20.07:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-29665",
         },
      ],
   },
   cve: "CVE-2021-29665",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.6,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 3.9,
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Local",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 4.6,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2021-29665",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "HIGH",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 7.6,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 4.9,
                  id: "CNVD-2021-38675",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.8,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "HIGH",
                  baseScore: 9,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.2,
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 7.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-29665",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-29665",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-29665",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2021-38675",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202105-1983",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-29665",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-38675",
         },
         {
            db: "VULMON",
            id: "CVE-2021-29665",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-007391",
         },
         {
            db: "NVD",
            id: "CVE-2021-29665",
         },
         {
            db: "NVD",
            id: "CVE-2021-29665",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-1983",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access 20.07 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking, which could allow a local attacker to execute arbitrary code on the system with elevated privileges. IBM Security Verify Access is vulnerable to an out-of-bounds write. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. The service uses risk-based access, single sign-on, integrated access management control, identity federation, and mobile multi-factor authentication to achieve safe and simple access to platforms such as web, mobile, IoT, and cloud technologies.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-29665",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-007391",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-38675",
         },
         {
            db: "VULMON",
            id: "CVE-2021-29665",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-29665",
            trust: 3.9,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-007391",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2021-38675",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-1983",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-29665",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-38675",
         },
         {
            db: "VULMON",
            id: "CVE-2021-29665",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-007391",
         },
         {
            db: "NVD",
            id: "CVE-2021-29665",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-1983",
         },
      ],
   },
   id: "VAR-202106-1008",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-38675",
         },
      ],
      trust: 0.81866737,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "IoT",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-38675",
         },
      ],
   },
   last_update_date: "2023-12-18T12:49:11.442000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6457315 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6457315",
         },
         {
            title: "Patch for IBM Security Verify Access buffer overflow vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/269306",
         },
         {
            title: "IBM Application Gateway Buffer error vulnerability fix",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=153069",
         },
         {
            title: "IBM: Security Bulletin: Multiple Security Vulnerabilities have been resolved in IBM Application Gateway (CVE-2021-20576, CVE-2021-20575, CVE-2021-29665)",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=88a378c781f076de4893a6cb4e89d3c9",
         },
         {
            title: "CVE-2021-29665",
            trust: 0.1,
            url: "https://github.com/jamesgeeee/cve-2021-29665 ",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-38675",
         },
         {
            db: "VULMON",
            id: "CVE-2021-29665",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-007391",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-1983",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-787",
            trust: 1,
         },
         {
            problemtype: "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-007391",
         },
         {
            db: "NVD",
            id: "CVE-2021-29665",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199399",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6457315",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-29665",
         },
         {
            trust: 0.7,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-resolved-in-ibm-application-gateway-cve-2021-20576-cve-2021-20575-cve-2021-29665/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/787.html",
         },
         {
            trust: 0.1,
            url: "https://github.com/jamesgeeee/cve-2021-29665",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-38675",
         },
         {
            db: "VULMON",
            id: "CVE-2021-29665",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-007391",
         },
         {
            db: "NVD",
            id: "CVE-2021-29665",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-1983",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2021-38675",
         },
         {
            db: "VULMON",
            id: "CVE-2021-29665",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-007391",
         },
         {
            db: "NVD",
            id: "CVE-2021-29665",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-1983",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-06-02T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-38675",
         },
         {
            date: "2021-06-01T00:00:00",
            db: "VULMON",
            id: "CVE-2021-29665",
         },
         {
            date: "2022-02-09T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-007391",
         },
         {
            date: "2021-06-01T14:15:09.843000",
            db: "NVD",
            id: "CVE-2021-29665",
         },
         {
            date: "2021-05-28T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202105-1983",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-06-02T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-38675",
         },
         {
            date: "2021-06-07T00:00:00",
            db: "VULMON",
            id: "CVE-2021-29665",
         },
         {
            date: "2022-02-09T09:07:00",
            db: "JVNDB",
            id: "JVNDB-2021-007391",
         },
         {
            date: "2021-06-07T19:37:46.050000",
            db: "NVD",
            id: "CVE-2021-29665",
         },
         {
            date: "2021-06-09T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202105-1983",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202105-1983",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access  Out-of-bounds Vulnerability in Microsoft",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-007391",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202105-1983",
         },
      ],
      trust: 0.6,
   },
}

var-202010-1454
Vulnerability from variot

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public OAuth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216. The vendor has published this vulnerability as IBM X-Force ID: 182216. Information may be obtained or tampered with, and service may be disrupted (DoS). The product implements access management control through integrated devices for Web, mobile, and cloud computing.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1454",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.4,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security access manager",
            scope: "lt",
            trust: 1,
            vendor: "ibm",
            version: "9.0.7.2",
         },
         {
            model: "security verify access",
            scope: "lt",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.1",
         },
         {
            model: "security access manager",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "9.0.7.0",
         },
         {
            model: "security verify access",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security access manager",
            scope: null,
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
         {
            model: "security access manager",
            scope: "eq",
            trust: 0.6,
            vendor: "ibm",
            version: "9.0.7",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-57818",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012332",
         },
         {
            db: "NVD",
            id: "CVE-2020-4499",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "9.0.7.2",
                        versionStartIncluding: "9.0.7.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "10.0.0.1",
                        versionStartIncluding: "10.0.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-4499",
         },
      ],
   },
   cve: "CVE-2020-4499",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 7.5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2020-4499",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CNVD-2020-57818",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "LOW",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 3.9,
                  impactScore: 3.4,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2020-4499",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2020-4499",
                  trust: 1.8,
                  value: "CRITICAL",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2020-4499",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2020-57818",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202010-651",
                  trust: 0.6,
                  value: "CRITICAL",
               },
               {
                  author: "VULMON",
                  id: "CVE-2020-4499",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-57818",
         },
         {
            db: "VULMON",
            id: "CVE-2020-4499",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012332",
         },
         {
            db: "NVD",
            id: "CVE-2020-4499",
         },
         {
            db: "NVD",
            id: "CVE-2020-4499",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-651",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public OAuth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216. The vendor has published this vulnerability as IBM X-Force ID: 182216. Information may be obtained or tampered with, and service may be disrupted (DoS). The product implements access management control through integrated devices for Web, mobile, and cloud computing.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-4499",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012332",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-57818",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-651",
         },
         {
            db: "VULMON",
            id: "CVE-2020-4499",
         },
      ],
      trust: 2.79,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-4499",
            trust: 3.1,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012332",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-57818",
            trust: 0.6,
         },
         {
            db: "NSFOCUS",
            id: "50180",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.3558",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-651",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2020-4499",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-57818",
         },
         {
            db: "VULMON",
            id: "CVE-2020-4499",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012332",
         },
         {
            db: "NVD",
            id: "CVE-2020-4499",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-651",
         },
      ],
   },
   id: "VAR-202010-1454",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-57818",
         },
      ],
      trust: 0.81866737,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "IoT",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-57818",
         },
      ],
   },
   last_update_date: "2023-12-18T11:39:04.551000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6348046 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6348046",
         },
         {
            title: "Patch for IBM Security Access Manager and IBM Security Verify Access certification bypass vulnerabilities",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/237052",
         },
         {
            title: "IBM Security Access Manager  and IBM Security Verify Access Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=131300",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-57818",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012332",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-651",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-noinfo",
            trust: 1,
         },
         {
            problemtype: "Lack of authentication (CWE-862) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-012332",
         },
         {
            db: "NVD",
            id: "CVE-2020-4499",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-4499",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6348046",
         },
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/182216",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.3558/",
         },
         {
            trust: 0.6,
            url: "http://www.nsfocus.net/vulndb/50180",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-57818",
         },
         {
            db: "VULMON",
            id: "CVE-2020-4499",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012332",
         },
         {
            db: "NVD",
            id: "CVE-2020-4499",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-651",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2020-57818",
         },
         {
            db: "VULMON",
            id: "CVE-2020-4499",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012332",
         },
         {
            db: "NVD",
            id: "CVE-2020-4499",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-651",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-10-21T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-57818",
         },
         {
            date: "2020-10-15T00:00:00",
            db: "VULMON",
            id: "CVE-2020-4499",
         },
         {
            date: "2021-04-30T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-012332",
         },
         {
            date: "2020-10-15T13:15:12.913000",
            db: "NVD",
            id: "CVE-2020-4499",
         },
         {
            date: "2020-10-15T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202010-651",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-10-21T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-57818",
         },
         {
            date: "2021-07-21T00:00:00",
            db: "VULMON",
            id: "CVE-2020-4499",
         },
         {
            date: "2021-04-30T06:32:00",
            db: "JVNDB",
            id: "JVNDB-2020-012332",
         },
         {
            date: "2021-07-21T11:39:23.747000",
            db: "NVD",
            id: "CVE-2020-4499",
         },
         {
            date: "2020-11-05T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202010-651",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202010-651",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager  and  IBM Security Verify Access  Vulnerability in Microsoft",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-012332",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202010-651",
         },
      ],
      trust: 0.6,
   },
}

var-202203-1581
Vulnerability from variot

IBM Security Verify Access could allow a user, using man-in-the-middle techniques, to obtain sensitive information or possibly change some information due to improper validation of JWT tokens. The following products and versions are affected: 10.0.0, 10.0.1, 10.0.2, 10.0.3.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1581",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1,
            vendor: "ibm",
            version: "10.0.1",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1,
            vendor: "ibm",
            version: "10.0.3",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1,
            vendor: "ibm",
            version: "10.0.2",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
         {
            model: "security verify access",
            scope: null,
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-004965",
         },
         {
            db: "NVD",
            id: "CVE-2022-22311",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-22311",
         },
      ],
   },
   cve: "CVE-2022-22311",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  impactScore: 4.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.8,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2022-22311",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.2,
                  impactScore: 4.2,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 4.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 2.2,
                  impactScore: 2.5,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "High",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 6.5,
                  baseSeverity: "Medium",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-22311",
                  impactScore: null,
                  integrityImpact: "Low",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-22311",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2022-22311",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202203-2675",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2022-22311",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-22311",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004965",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-2675",
         },
         {
            db: "NVD",
            id: "CVE-2022-22311",
         },
         {
            db: "NVD",
            id: "CVE-2022-22311",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access could allow a user, using man-in-the-middle techniques, to obtain sensitive information or possibly change some information due to improper validation of JWT tokens. The following products and versions are affected: 10.0.0, 10.0.1, 10.0.2, 10.0.3",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-22311",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004965",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-2675",
         },
         {
            db: "VULMON",
            id: "CVE-2022-22311",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-22311",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004965",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-2675",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-22311",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-22311",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004965",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-2675",
         },
         {
            db: "NVD",
            id: "CVE-2022-22311",
         },
      ],
   },
   id: "VAR-202203-1581",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2024-02-13T22:47:42.790000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6568043 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6568043",
         },
         {
            title: "Fix for the IBM Security Verify Access input validation error vulnerability",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=188378",
         },
         {
            title: "CVE-2022-XXXX",
            trust: 0.1,
            url: "https://github.com/alphabugx/cve-2022-23305 ",
         },
         {
            title: "CVE-2022-XXXX",
            trust: 0.1,
            url: "https://github.com/alphabugx/cve-2022-rce ",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-22311",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004965",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-2675",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-20",
            trust: 1,
         },
         {
            problemtype: "Improper input validation (CWE-20) [NVD evaluation]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-004965",
         },
         {
            db: "NVD",
            id: "CVE-2022-22311",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6568043",
         },
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/217226",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22311",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-22311/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/20.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://github.com/alphabugx/cve-2022-23305",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-22311",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004965",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-2675",
         },
         {
            db: "NVD",
            id: "CVE-2022-22311",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2022-22311",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004965",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-2675",
         },
         {
            db: "NVD",
            id: "CVE-2022-22311",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-03-31T00:00:00",
            db: "VULMON",
            id: "CVE-2022-22311",
         },
         {
            date: "2023-05-12T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-004965",
         },
         {
            date: "2022-03-31T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202203-2675",
         },
         {
            date: "2022-03-31T18:15:09.437000",
            db: "NVD",
            id: "CVE-2022-22311",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-04-09T00:00:00",
            db: "VULMON",
            id: "CVE-2022-22311",
         },
         {
            date: "2023-05-12T05:54:00",
            db: "JVNDB",
            id: "JVNDB-2022-004965",
         },
         {
            date: "2022-04-11T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202203-2675",
         },
         {
            date: "2022-04-09T01:35:04.040000",
            db: "NVD",
            id: "CVE-2022-22311",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202203-2675",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Input verification vulnerability in IBM Security Verify Access",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-004965",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "input validation error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202203-2675",
         },
      ],
      trust: 0.6,
   },
}

var-202207-0328
Vulnerability from variot

IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221194. The vendor has published this vulnerability as IBM X-Force ID: 221194. Information may be obtained and information may be tampered with. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication. A cross-site scripting vulnerability exists in IBM Security Verify Access version 10.0.0 that arises from insufficient sanitization of user-supplied data. A remote user can trick a victim into following a specially crafted link and execute arbitrary HTML and script code on the vulnerable website in the user's browser.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0328",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.1.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.3.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.2.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015241",
         },
         {
            db: "NVD",
            id: "CVE-2022-22370",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.3.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-22370",
         },
      ],
   },
   cve: "CVE-2022-22370",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 3.5,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 6.8,
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "LOW",
                  trust: 1,
                  userInteractionRequired: true,
                  vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "Single",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 3.5,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2022-22370",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Low",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 2.3,
                  impactScore: 2.7,
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 5.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 2.3,
                  impactScore: 2.7,
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.4,
                  baseSeverity: "Medium",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2022-22370",
                  impactScore: null,
                  integrityImpact: "Low",
                  privilegesRequired: "Low",
                  scope: "Changed",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-22370",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2022-22370",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202207-539",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2022-22370",
                  trust: 0.1,
                  value: "LOW",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-22370",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015241",
         },
         {
            db: "NVD",
            id: "CVE-2022-22370",
         },
         {
            db: "NVD",
            id: "CVE-2022-22370",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-539",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221194. The vendor has published this vulnerability as IBM X-Force ID: 221194. Information may be obtained and information may be tampered with. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication.\nA cross-site scripting vulnerability exists in IBM Security Verify Access version 10.0.0 that arises from insufficient sanitization of user-supplied data. A remote user can trick a victim into following a specially crafted link and execute arbitrary HTML and script code on the vulnerable website in the user's browser.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-22370",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015241",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-539",
         },
         {
            db: "VULMON",
            id: "CVE-2022-22370",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-22370",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015241",
            trust: 0.8,
         },
         {
            db: "CS-HELP",
            id: "SB2022070714",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-539",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-22370",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-22370",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015241",
         },
         {
            db: "NVD",
            id: "CVE-2022-22370",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-539",
         },
      ],
   },
   id: "VAR-202207-0328",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T13:55:23.276000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6601725 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6601725",
         },
         {
            title: "IBM Security Verify Access Fixes for cross-site scripting vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=198965",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015241",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-539",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-79",
            trust: 1,
         },
         {
            problemtype: "Cross-site scripting (CWE-79) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015241",
         },
         {
            db: "NVD",
            id: "CVE-2022-22370",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6601725",
         },
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221194",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22370",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-22370/",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2022070714",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/79.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-22370",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015241",
         },
         {
            db: "NVD",
            id: "CVE-2022-22370",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-539",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2022-22370",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015241",
         },
         {
            db: "NVD",
            id: "CVE-2022-22370",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-539",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-07-08T00:00:00",
            db: "VULMON",
            id: "CVE-2022-22370",
         },
         {
            date: "2023-09-26T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-015241",
         },
         {
            date: "2022-07-08T18:15:09.513000",
            db: "NVD",
            id: "CVE-2022-22370",
         },
         {
            date: "2022-07-07T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202207-539",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-07-20T00:00:00",
            db: "VULMON",
            id: "CVE-2022-22370",
         },
         {
            date: "2023-09-26T02:20:00",
            db: "JVNDB",
            id: "JVNDB-2022-015241",
         },
         {
            date: "2022-07-20T17:21:21.043000",
            db: "NVD",
            id: "CVE-2022-22370",
         },
         {
            date: "2022-07-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202207-539",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202207-539",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Cross-site scripting vulnerability in IBM Security Verify Access",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015241",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "XSS",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202207-539",
         },
      ],
      trust: 0.6,
   },
}

var-202010-1443
Vulnerability from variot

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks, which could aid in further attacks against the system. IBM X-Force ID: 186142. The vendor has published this vulnerability as IBM X-Force ID: 186142. Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1443",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 3.6,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security access manager",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "9.0.7",
         },
         {
            model: "security access manager",
            scope: "eq",
            trust: 1,
            vendor: "ibm",
            version: "9.0.7.0",
         },
         {
            model: "security access manager",
            scope: null,
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59034",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012245",
         },
         {
            db: "NVD",
            id: "CVE-2020-4661",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_access_manager:9.0.7.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-4661",
         },
      ],
   },
   cve: "CVE-2020-4661",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "ADJACENT_NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 2.9,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 5.5,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "LOW",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Adjacent Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 2.9,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2020-4661",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Low",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "ADJACENT_NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 2.9,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 5.5,
                  id: "CNVD-2020-59035",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "LOW",
                  trust: 0.6,
                  vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "ADJACENT_NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 2.9,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 5.5,
                  id: "CNVD-2020-59034",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "LOW",
                  trust: 0.6,
                  vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "ADJACENT_NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 2.9,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 5.5,
                  id: "CNVD-2020-59033",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "LOW",
                  trust: 0.6,
                  vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.6,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.6,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "High",
                  attackVector: "Adjacent Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.3,
                  baseSeverity: "Medium",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2020-4661",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2020-4661",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2020-4661",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2020-59035",
                  trust: 0.6,
                  value: "LOW",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2020-59034",
                  trust: 0.6,
                  value: "LOW",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2020-59033",
                  trust: 0.6,
                  value: "LOW",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202010-333",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59034",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012245",
         },
         {
            db: "NVD",
            id: "CVE-2020-4661",
         },
         {
            db: "NVD",
            id: "CVE-2020-4661",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-333",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks, which could aid in further attacks against the system. IBM X-Force ID: 186142. The vendor has published this vulnerability as IBM X-Force ID: 186142. Information may be obtained. The product implements access management control through integrated devices for Web, mobile and cloud computing",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-4661",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012245",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59034",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-333",
         },
      ],
      trust: 3.78,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-4661",
            trust: 4.2,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012245",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59035",
            trust: 0.6,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59034",
            trust: 0.6,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59033",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.3499",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-333",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59034",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012245",
         },
         {
            db: "NVD",
            id: "CVE-2020-4661",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-333",
         },
      ],
   },
   id: "VAR-202010-1443",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59034",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
      ],
      trust: 2.01866737,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "IoT",
            ],
            sub_category: null,
            trust: 1.8,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59034",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
      ],
   },
   last_update_date: "2023-12-18T12:16:48.007000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6346619 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6346619",
         },
         {
            title: "Patch for IBM Security Access Manager and IBM Security Verify Access information disclosure vulnerabilities",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/237688",
         },
         {
            title: "Patch for IBM Security Access Manager and IBM Security Verify Access information disclosure vulnerability (CNVD-2020-59034)",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/237685",
         },
         {
            title: "Patch for IBM Security Access Manager and IBM Security Verify Access information disclosure vulnerability (CNVD-2020-59033)",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/237682",
         },
         {
            title: "IBM Security Access Manager Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=130220",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59034",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012245",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-333",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-203",
            trust: 1,
         },
         {
            problemtype: "Information leakage due to difference in response to security-related processing (CWE-203) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-012245",
         },
         {
            db: "NVD",
            id: "CVE-2020-4661",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.4,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-access-manager-and-ibm-security-verify-access-cve-2020-4661-cve-2020-4699-cve-2020-4660/",
         },
         {
            trust: 1.6,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186142",
         },
         {
            trust: 1.6,
            url: "https://www.ibm.com/support/pages/node/6346619",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-4661",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.3499/",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59034",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012245",
         },
         {
            db: "NVD",
            id: "CVE-2020-4661",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-333",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59034",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-012245",
         },
         {
            db: "NVD",
            id: "CVE-2020-4661",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202010-333",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-10-27T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
         {
            date: "2020-10-27T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-59034",
         },
         {
            date: "2020-10-27T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
         {
            date: "2021-04-27T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-012245",
         },
         {
            date: "2020-10-12T13:15:12.493000",
            db: "NVD",
            id: "CVE-2020-4661",
         },
         {
            date: "2020-10-09T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202010-333",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-10-27T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-59035",
         },
         {
            date: "2020-10-27T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-59034",
         },
         {
            date: "2020-10-27T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-59033",
         },
         {
            date: "2021-04-27T09:04:00",
            db: "JVNDB",
            id: "JVNDB-2020-012245",
         },
         {
            date: "2020-10-19T15:02:24.347000",
            db: "NVD",
            id: "CVE-2020-4661",
         },
         {
            date: "2020-10-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202010-333",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote or local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202010-333",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager  and  IBM Security Verify Access  Vulnerability regarding information leakage due to difference in response to security-related processing",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-012245",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202010-333",
         },
      ],
      trust: 0.6,
   },
}

var-202401-1842
Vulnerability from variot

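IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 260584. Note that the CPE configuration data in this record gives the affected range as 10.0.0.0 up to but excluding 10.0.0.7 for both the appliance and Docker products, which differs from the range stated here; confirm the fixed version against the vendor advisory (https://www.ibm.com/support/pages/node/7106586) before deciding whether a deployment is affected.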



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202401-1842",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access docker",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access",
            scope: "lt",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.7",
         },
         {
            model: "security verify access docker",
            scope: "lt",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.7",
         },
         {
            model: "security verify access docker",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "10.0.0.0  that's all  10.0.0.7",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "10.0.0.0  that's all  10.0.0.7",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "docker 10.0.0.0  that's all  10.0.0.7",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-001395",
         },
         {
            db: "NVD",
            id: "CVE-2023-38267",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "10.0.0.7",
                        versionStartIncluding: "10.0.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access_docker:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "10.0.0.7",
                        versionStartIncluding: "10.0.0.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-38267",
         },
      ],
   },
   cve: "CVE-2023-38267",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.8,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 6.2,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.5,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.5,
                  baseSeverity: "Medium",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2023-38267",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2023-38267",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2023-38267",
                  trust: 1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-001395",
         },
         {
            db: "NVD",
            id: "CVE-2023-38267",
         },
         {
            db: "NVD",
            id: "CVE-2023-38267",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed.  IBM X-Force ID:  260584",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-38267",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-001395",
         },
      ],
      trust: 1.62,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-38267",
            trust: 2.6,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-001395",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-001395",
         },
         {
            db: "NVD",
            id: "CVE-2023-38267",
         },
      ],
   },
   id: "VAR-202401-1842",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.609333685,
   },
   last_update_date: "2024-05-25T01:24:49.002000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "7106586 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-001395",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-311",
            trust: 1,
         },
         {
            problemtype: "Lack of encryption of critical data (CWE-311) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-001395",
         },
         {
            db: "NVD",
            id: "CVE-2023-38267",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/260584",
         },
         {
            trust: 1,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-38267",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-001395",
         },
         {
            db: "NVD",
            id: "CVE-2023-38267",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-001395",
         },
         {
            db: "NVD",
            id: "CVE-2023-38267",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-02T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2024-001395",
         },
         {
            date: "2024-01-11T03:15:09.803000",
            db: "NVD",
            id: "CVE-2023-38267",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-02T07:56:00",
            db: "JVNDB",
            id: "JVNDB-2024-001395",
         },
         {
            date: "2024-05-24T15:15:23.100000",
            db: "NVD",
            id: "CVE-2023-38267",
         },
      ],
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM  of  Security Verify Access  and  Security Verify Access Docker  Vulnerability regarding lack of encryption of critical data in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-001395",
         },
      ],
      trust: 0.8,
   },
}

var-202401-2519
Vulnerability from variot

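IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658. Note that the CPE configuration data in this record gives the affected range as 10.0.0.0 up to but excluding 10.0.0.7 for both products, which differs from the range stated here; confirm the fixed version against the vendor advisory (https://www.ibm.com/support/pages/node/7106586) before deciding whether a deployment is affected.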



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202401-2519",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access docker",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access",
            scope: "lt",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.7",
         },
         {
            model: "security verify access docker",
            scope: "lt",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.7",
         },
         {
            model: "security verify access",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-31003",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "10.0.0.7",
                        versionStartIncluding: "10.0.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access_docker:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "10.0.0.7",
                        versionStartIncluding: "10.0.0.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-31003",
         },
      ],
   },
   cve: "CVE-2023-31003",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.8,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.5,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2023-31003",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2023-31003",
                  trust: 1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-31003",
         },
         {
            db: "NVD",
            id: "CVE-2023-31003",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls.  IBM X-Force ID:  254658.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-31003",
         },
      ],
      trust: 1,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-31003",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-31003",
         },
      ],
   },
   id: "VAR-202401-2519",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.609333685,
   },
   last_update_date: "2024-03-07T22:48:01.098000Z",
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-59",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-31003",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254658",
         },
         {
            trust: 1,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-31003",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-31003",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-01-11T03:15:09.617000",
            db: "NVD",
            id: "CVE-2023-31003",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-01-18T17:06:42.260000",
            db: "NVD",
            id: "CVE-2023-31003",
         },
      ],
   },
}

var-202201-0543
Vulnerability from variot

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563. The vendor has published this vulnerability as IBM X-Force ID: 209563. Information may be obtained and information may be tampered with. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication. IBM Security Verify Access has a cross-site scripting vulnerability.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0543",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.2.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.1.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017526",
         },
         {
            db: "NVD",
            id: "CVE-2021-38895",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-38895",
         },
      ],
   },
   cve: "CVE-2021-38895",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 3.5,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 6.8,
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "LOW",
                  trust: 1,
                  userInteractionRequired: true,
                  vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "Single",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 3.5,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2021-38895",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Low",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 2.3,
                  impactScore: 2.7,
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 3,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 1.3,
                  impactScore: 1.4,
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.4,
                  baseSeverity: "Medium",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2021-38895",
                  impactScore: null,
                  integrityImpact: "Low",
                  privilegesRequired: "Low",
                  scope: "Changed",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-38895",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-38895",
                  trust: 1,
                  value: "LOW",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202201-564",
                  trust: 0.6,
                  value: "LOW",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017526",
         },
         {
            db: "NVD",
            id: "CVE-2021-38895",
         },
         {
            db: "NVD",
            id: "CVE-2021-38895",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-564",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563. The vendor has published this vulnerability as IBM X-Force ID: 209563. Information may be obtained and information may be tampered with. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication.\nIBM Security Verify Access has a cross-site scripting vulnerability.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-38895",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-017526",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-564",
         },
      ],
      trust: 2.16,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-38895",
            trust: 3.2,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-017526",
            trust: 0.8,
         },
         {
            db: "CS-HELP",
            id: "SB2022011038",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-564",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017526",
         },
         {
            db: "NVD",
            id: "CVE-2021-38895",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-564",
         },
      ],
   },
   id: "VAR-202201-0543",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T11:10:40.753000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6538418 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6538418",
         },
         {
            title: "IBM Security Verify Access Fixes for cross-site scripting vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=177316",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017526",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-564",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-79",
            trust: 1,
         },
         {
            problemtype: "Cross-site scripting (CWE-79) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017526",
         },
         {
            db: "NVD",
            id: "CVE-2021-38895",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.6,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209563",
         },
         {
            trust: 1.6,
            url: "https://www.ibm.com/support/pages/node/6538418",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-38895",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2022011038",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017526",
         },
         {
            db: "NVD",
            id: "CVE-2021-38895",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-564",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017526",
         },
         {
            db: "NVD",
            id: "CVE-2021-38895",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-564",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-01-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-017526",
         },
         {
            date: "2022-01-10T14:10:20.470000",
            db: "NVD",
            id: "CVE-2021-38895",
         },
         {
            date: "2022-01-10T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202201-564",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-01-24T06:26:00",
            db: "JVNDB",
            id: "JVNDB-2021-017526",
         },
         {
            date: "2022-01-13T20:19:46.163000",
            db: "NVD",
            id: "CVE-2021-38895",
         },
         {
            date: "2022-02-09T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202201-564",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202201-564",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Cross-site scripting vulnerability in IBM Security Verify",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017526",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "XSS",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202201-564",
         },
      ],
      trust: 0.6,
   },
}

var-202107-0285
Vulnerability from variot

IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 store user credentials in clear text, which can be read by an unauthorized user.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0285",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security access manager",
            scope: "eq",
            trust: 1,
            vendor: "ibm",
            version: "9.0",
         },
         {
            model: "security access manager",
            scope: null,
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-010100",
         },
         {
            db: "NVD",
            id: "CVE-2021-20439",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_access_manager:9.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20439",
         },
      ],
   },
   cve: "CVE-2021-20439",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2021-20439",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 7.5,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-20439",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-20439",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-20439",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202107-976",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-20439",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20439",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-010100",
         },
         {
            db: "NVD",
            id: "CVE-2021-20439",
         },
         {
            db: "NVD",
            id: "CVE-2021-20439",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-976",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 store user credentials in clear text, which can be read by an unauthorized user.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20439",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-010100",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20439",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-20439",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-010100",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-976",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-20439",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20439",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-010100",
         },
         {
            db: "NVD",
            id: "CVE-2021-20439",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-976",
         },
      ],
   },
   id: "VAR-202107-0285",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T14:04:19.718000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6471903 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6471903",
         },
         {
            title: "IBM Security Access Manager Repair measures for information disclosure vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156663",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-010100",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-976",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-522",
            trust: 1,
         },
         {
            problemtype: "Inadequate protection of credentials (CWE-522) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-010100",
         },
         {
            db: "NVD",
            id: "CVE-2021-20439",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/196453",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6471903",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20439",
         },
         {
            trust: 0.6,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-was-fixed-in-ibm-security-access-manager-and-ibm-security-verify-access-docker-containers/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/522.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20439",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-010100",
         },
         {
            db: "NVD",
            id: "CVE-2021-20439",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-976",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2021-20439",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-010100",
         },
         {
            db: "NVD",
            id: "CVE-2021-20439",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-976",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-15T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20439",
         },
         {
            date: "2022-06-17T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-010100",
         },
         {
            date: "2021-07-15T16:15:09.410000",
            db: "NVD",
            id: "CVE-2021-20439",
         },
         {
            date: "2021-07-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-976",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-31T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20439",
         },
         {
            date: "2022-06-17T06:01:00",
            db: "JVNDB",
            id: "JVNDB-2021-010100",
         },
         {
            date: "2021-07-31T00:55:04.620000",
            db: "NVD",
            id: "CVE-2021-20439",
         },
         {
            date: "2021-08-02T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-976",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-976",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager  and  Security Verify Access Docker  Vulnerability regarding insufficient protection of authentication information in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-010100",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "information disclosure",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-976",
         },
      ],
      trust: 0.6,
   },
}

var-202402-0283
Vulnerability from variot

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 254651



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202402-0283",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access docker",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access",
            scope: "lte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.6.1",
         },
         {
            model: "security verify access docker",
            scope: "lte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access docker",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "10.0.0.0  to  10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "docker 10.0.0.0  to  10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "10.0.0.0  to  10.0.6.1",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025797",
         },
         {
            db: "NVD",
            id: "CVE-2023-30999",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "10.0.6.1",
                        versionStartIncluding: "10.0.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access_docker:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "10.0.6.1",
                        versionStartIncluding: "10.0.0.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-30999",
         },
      ],
   },
   cve: "CVE-2023-30999",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 3.9,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 2,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 7.5,
                  baseSeverity: "High",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2023-30999",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2023-30999",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2023-30999",
                  trust: 1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025797",
         },
         {
            db: "NVD",
            id: "CVE-2023-30999",
         },
         {
            db: "NVD",
            id: "CVE-2023-30999",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption.  IBM X-Force ID:  254651",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-30999",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025797",
         },
         {
            db: "VULMON",
            id: "CVE-2023-30999",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-30999",
            trust: 2.7,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025797",
            trust: 0.8,
         },
         {
            db: "VULMON",
            id: "CVE-2023-30999",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-30999",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025797",
         },
         {
            db: "NVD",
            id: "CVE-2023-30999",
         },
      ],
   },
   id: "VAR-202402-0283",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.609333685,
   },
   last_update_date: "2024-02-09T22:44:23.480000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "7106586 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025797",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-400",
            trust: 1,
         },
         {
            problemtype: "Resource exhaustion (CWE-400) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025797",
         },
         {
            db: "NVD",
            id: "CVE-2023-30999",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.1,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
         {
            trust: 1.1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254651",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-30999",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/400.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-30999",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025797",
         },
         {
            db: "NVD",
            id: "CVE-2023-30999",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2023-30999",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025797",
         },
         {
            db: "NVD",
            id: "CVE-2023-30999",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-03T00:00:00",
            db: "VULMON",
            id: "CVE-2023-30999",
         },
         {
            date: "2024-02-08T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2023-025797",
         },
         {
            date: "2024-02-03T01:15:07.850000",
            db: "NVD",
            id: "CVE-2023-30999",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-05T00:00:00",
            db: "VULMON",
            id: "CVE-2023-30999",
         },
         {
            date: "2024-02-08T01:43:00",
            db: "JVNDB",
            id: "JVNDB-2023-025797",
         },
         {
            date: "2024-02-06T21:31:55.033000",
            db: "NVD",
            id: "CVE-2023-30999",
         },
      ],
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM  of  Security Verify Access  and  Security Verify Access Docker  Resource exhaustion vulnerability in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025797",
         },
      ],
      trust: 0.8,
   },
}

var-202107-0302
Vulnerability from variot

IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661. The vendor has published this vulnerability as IBM X-Force ID: 198661. Information may be obtained and information may be tampered with.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0302",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009592",
         },
         {
            db: "NVD",
            id: "CVE-2021-20524",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20524",
         },
      ],
   },
   cve: "CVE-2021-20524",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 3.5,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 6.8,
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "LOW",
                  trust: 1,
                  userInteractionRequired: true,
                  vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "Single",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 3.5,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2021-20524",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Low",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 1.7,
                  impactScore: 2.7,
                  integrityImpact: "LOW",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 4.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 1.7,
                  impactScore: 2.7,
                  integrityImpact: "LOW",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4.8,
                  baseSeverity: "Medium",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2021-20524",
                  impactScore: null,
                  integrityImpact: "Low",
                  privilegesRequired: "High",
                  scope: "Changed",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-20524",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-20524",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202107-956",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-20524",
                  trust: 0.1,
                  value: "LOW",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20524",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009592",
         },
         {
            db: "NVD",
            id: "CVE-2021-20524",
         },
         {
            db: "NVD",
            id: "CVE-2021-20524",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-956",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661. The vendor has published this vulnerability as IBM X-Force ID: 198661. Information may be obtained and information may be tampered with.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20524",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009592",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20524",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-20524",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009592",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-956",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-20524",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20524",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009592",
         },
         {
            db: "NVD",
            id: "CVE-2021-20524",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-956",
         },
      ],
   },
   id: "VAR-202107-0302",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T12:49:10.475000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6471895 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            title: "IBM Security Access Manager Fixes for code injection vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156645",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009592",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-956",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-79",
            trust: 1,
         },
         {
            problemtype: "Cross-site scripting (CWE-79) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009592",
         },
         {
            db: "NVD",
            id: "CVE-2021-20524",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/198661",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20524",
         },
         {
            trust: 0.6,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/79.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20524",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009592",
         },
         {
            db: "NVD",
            id: "CVE-2021-20524",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-956",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2021-20524",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009592",
         },
         {
            db: "NVD",
            id: "CVE-2021-20524",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-956",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-15T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20524",
         },
         {
            date: "2022-05-11T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-009592",
         },
         {
            date: "2021-07-15T18:15:08.997000",
            db: "NVD",
            id: "CVE-2021-20524",
         },
         {
            date: "2021-07-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-956",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-20T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20524",
         },
         {
            date: "2022-05-11T07:24:00",
            db: "JVNDB",
            id: "JVNDB-2021-009592",
         },
         {
            date: "2021-09-29T16:11:15.503000",
            db: "NVD",
            id: "CVE-2021-20524",
         },
         {
            date: "2021-07-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-956",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-956",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker  Cross-site Scripting Vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009592",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "XSS",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-956",
         },
      ],
      trust: 0.6,
   },
}

var-202307-1849
Vulnerability from variot

IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 252186



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202307-1849",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0",
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-30433",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-30433",
         },
      ],
   },
   cve: "CVE-2023-30433",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 2.8,
                  impactScore: 2.5,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 2.8,
                  impactScore: 3.6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2023-30433",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2023-30433",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202307-1650",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-30433",
         },
         {
            db: "NVD",
            id: "CVE-2023-30433",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202307-1650",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 252186",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-30433",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202307-1650",
         },
         {
            db: "VULMON",
            id: "CVE-2023-30433",
         },
      ],
      trust: 1.53,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-30433",
            trust: 1.7,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202307-1650",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2023-30433",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-30433",
         },
         {
            db: "NVD",
            id: "CVE-2023-30433",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202307-1650",
         },
      ],
   },
   id: "VAR-202307-1849",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T13:36:08.494000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "IBM Security Verify Access Enter the fix for the verification error vulnerability",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246745",
         },
      ],
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202307-1650",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-601",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-30433",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/252186",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/7012613",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2023-30433/",
         },
         {
            trust: 0.6,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-30433",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-30433",
         },
         {
            db: "NVD",
            id: "CVE-2023-30433",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202307-1650",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2023-30433",
         },
         {
            db: "NVD",
            id: "CVE-2023-30433",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202307-1650",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-07-19T00:00:00",
            db: "VULMON",
            id: "CVE-2023-30433",
         },
         {
            date: "2023-07-19T01:15:09.833000",
            db: "NVD",
            id: "CVE-2023-30433",
         },
         {
            date: "2023-07-18T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202307-1650",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-07-19T00:00:00",
            db: "VULMON",
            id: "CVE-2023-30433",
         },
         {
            date: "2023-07-28T13:57:03.003000",
            db: "NVD",
            id: "CVE-2023-30433",
         },
         {
            date: "2023-07-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202307-1650",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202307-1650",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Input validation error vulnerability",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202307-1650",
         },
      ],
      trust: 0.6,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "input validation error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202307-1650",
         },
      ],
      trust: 0.6,
   },
}

var-202402-0256
Vulnerability from variot

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767. The affected system may be put into a denial-of-service (DoS) state.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202402-0256",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access docker",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access docker",
            scope: "lte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "lte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.6.1",
         },
         {
            model: "security verify access docker",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "10.0.0.0  to  10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "10.0.0.0  to  10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "docker 10.0.0.0  to  10.0.6.1",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025818",
         },
         {
            db: "NVD",
            id: "CVE-2023-31005",
         },
      ],
   },
   cve: "CVE-2023-31005",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.8,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 6.2,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.5,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 7.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2023-31005",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2023-31005",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2023-31005",
                  trust: 1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025818",
         },
         {
            db: "NVD",
            id: "CVE-2023-31005",
         },
         {
            db: "NVD",
            id: "CVE-2023-31005",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767. A denial-of-service (DoS) condition may result.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-31005",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025818",
         },
         {
            db: "VULMON",
            id: "CVE-2023-31005",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-31005",
            trust: 2.7,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025818",
            trust: 0.8,
         },
         {
            db: "VULMON",
            id: "CVE-2023-31005",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-31005",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025818",
         },
         {
            db: "NVD",
            id: "CVE-2023-31005",
         },
      ],
   },
   id: "VAR-202402-0256",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.609333685,
   },
   last_update_date: "2024-02-10T23:17:36.676000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "7106586 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025818",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-269",
            trust: 1,
         },
         {
            problemtype: "Improper authority management (CWE-269) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025818",
         },
         {
            db: "NVD",
            id: "CVE-2023-31005",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.1,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
         {
            trust: 1.1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254767",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-31005",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/269.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-31005",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025818",
         },
         {
            db: "NVD",
            id: "CVE-2023-31005",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2023-31005",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025818",
         },
         {
            db: "NVD",
            id: "CVE-2023-31005",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-03T00:00:00",
            db: "VULMON",
            id: "CVE-2023-31005",
         },
         {
            date: "2024-02-09T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2023-025818",
         },
         {
            date: "2024-02-03T01:15:08.283000",
            db: "NVD",
            id: "CVE-2023-31005",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-05T00:00:00",
            db: "VULMON",
            id: "CVE-2023-31005",
         },
         {
            date: "2024-02-09T00:48:00",
            db: "JVNDB",
            id: "JVNDB-2023-025818",
         },
         {
            date: "2024-02-07T16:04:27.170000",
            db: "NVD",
            id: "CVE-2023-31005",
         },
      ],
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Vulnerability in privilege management in IBM Security Verify Access and Security Verify Access Docker",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025818",
         },
      ],
      trust: 0.8,
   },
}

var-202107-0295
Vulnerability from variot

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973. The vendor has published this vulnerability as IBM X-Force ID: 197973. Information may be obtained.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0295",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009587",
         },
         {
            db: "NVD",
            id: "CVE-2021-20499",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20499",
         },
      ],
   },
   cve: "CVE-2021-20499",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "Single",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2021-20499",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 2.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 1.2,
                  impactScore: 1.4,
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 2.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 1.2,
                  impactScore: 1.4,
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 2.7,
                  baseSeverity: "Low",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2021-20499",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "High",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-20499",
                  trust: 1.8,
                  value: "LOW",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-20499",
                  trust: 1,
                  value: "LOW",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202107-907",
                  trust: 0.6,
                  value: "LOW",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-20499",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20499",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009587",
         },
         {
            db: "NVD",
            id: "CVE-2021-20499",
         },
         {
            db: "NVD",
            id: "CVE-2021-20499",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-907",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973. The vendor has published this vulnerability as IBM X-Force ID: 197973. Information may be obtained.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20499",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009587",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20499",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-20499",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009587",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-907",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-20499",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20499",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009587",
         },
         {
            db: "NVD",
            id: "CVE-2021-20499",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-907",
         },
      ],
   },
   id: "VAR-202107-0295",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T13:55:51.338000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6471895 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            title: "IBM Security Access Manager Remedial measures for debugging information disclosure vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156600",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009587",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-907",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-209",
            trust: 1,
         },
         {
            problemtype: "Information leakage due to error message (CWE-209) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009587",
         },
         {
            db: "NVD",
            id: "CVE-2021-20499",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/197973",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20499",
         },
         {
            trust: 0.6,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/209.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20499",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009587",
         },
         {
            db: "NVD",
            id: "CVE-2021-20499",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-907",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2021-20499",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009587",
         },
         {
            db: "NVD",
            id: "CVE-2021-20499",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-907",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-15T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20499",
         },
         {
            date: "2022-05-11T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-009587",
         },
         {
            date: "2021-07-15T18:15:08.807000",
            db: "NVD",
            id: "CVE-2021-20499",
         },
         {
            date: "2021-07-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-907",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-20T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20499",
         },
         {
            date: "2022-05-11T07:24:00",
            db: "JVNDB",
            id: "JVNDB-2021-009587",
         },
         {
            date: "2021-09-29T15:40:55.007000",
            db: "NVD",
            id: "CVE-2021-20499",
         },
         {
            date: "2021-07-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-907",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-907",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker  Information Leakage Vulnerability in Error Messages",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009587",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "debugging information leaks",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-907",
         },
      ],
      trust: 0.6,
   },
}

var-202107-0684
Vulnerability from variot

IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483. The vendor has published this vulnerability as IBM X-Force ID: 201483. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0684",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009578",
         },
         {
            db: "NVD",
            id: "CVE-2021-29742",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-29742",
         },
      ],
   },
   cve: "CVE-2021-29742",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "ADJACENT_NETWORK",
                  authentication: "SINGLE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 5.2,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 5.1,
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Adjacent Network",
                  authentication: "Single",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 5.2,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2021-29742",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.1,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "HIGH",
                  baseScore: 7.9,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.2,
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Adjacent Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-29742",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-29742",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-29742",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202107-934",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-29742",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-29742",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009578",
         },
         {
            db: "NVD",
            id: "CVE-2021-29742",
         },
         {
            db: "NVD",
            id: "CVE-2021-29742",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-934",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483. The vendor has published this vulnerability as IBM X-Force ID: 201483. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-29742",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009578",
         },
         {
            db: "VULMON",
            id: "CVE-2021-29742",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-29742",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009578",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-934",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-29742",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-29742",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009578",
         },
         {
            db: "NVD",
            id: "CVE-2021-29742",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-934",
         },
      ],
   },
   id: "VAR-202107-0684",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T13:37:24.026000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6471895 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            title: "IBM Security Access Manager Appliance Fixes for permissions and access control issues vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156627",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009578",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-934",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-noinfo",
            trust: 1,
         },
         {
            problemtype: "Lack of information (CWE-noinfo) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009578",
         },
         {
            db: "NVD",
            id: "CVE-2021-29742",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/201483",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-29742",
         },
         {
            trust: 0.6,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-29742",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009578",
         },
         {
            db: "NVD",
            id: "CVE-2021-29742",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-934",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2021-29742",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009578",
         },
         {
            db: "NVD",
            id: "CVE-2021-29742",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-934",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-15T00:00:00",
            db: "VULMON",
            id: "CVE-2021-29742",
         },
         {
            date: "2022-05-11T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-009578",
         },
         {
            date: "2021-07-15T18:15:09.190000",
            db: "NVD",
            id: "CVE-2021-29742",
         },
         {
            date: "2021-07-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-934",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-20T00:00:00",
            db: "VULMON",
            id: "CVE-2021-29742",
         },
         {
            date: "2022-05-11T04:55:00",
            db: "JVNDB",
            id: "JVNDB-2021-009578",
         },
         {
            date: "2021-09-29T16:12:42.363000",
            db: "NVD",
            id: "CVE-2021-29742",
         },
         {
            date: "2021-07-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-934",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote or local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-934",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Vulnerability in IBM Security Verify Access Docker",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009578",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "permissions and access control issues",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-934",
         },
      ],
      trust: 0.6,
   },
}

var-202107-0301
Vulnerability from variot

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660. The vendor has published this vulnerability as IBM X-Force ID: 198660. Information may be obtained.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0301",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009591",
         },
         {
            db: "NVD",
            id: "CVE-2021-20523",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20523",
         },
      ],
   },
   cve: "CVE-2021-20523",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "Single",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2021-20523",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 2.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 1.2,
                  impactScore: 1.4,
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 2.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 1.2,
                  impactScore: 1.4,
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 2.7,
                  baseSeverity: "Low",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2021-20523",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "High",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-20523",
                  trust: 1.8,
                  value: "LOW",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-20523",
                  trust: 1,
                  value: "LOW",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202107-968",
                  trust: 0.6,
                  value: "LOW",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-20523",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20523",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009591",
         },
         {
            db: "NVD",
            id: "CVE-2021-20523",
         },
         {
            db: "NVD",
            id: "CVE-2021-20523",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-968",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660. The vendor has published this vulnerability as IBM X-Force ID: 198660. Information may be obtained.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20523",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009591",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20523",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-20523",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009591",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-968",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-20523",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20523",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009591",
         },
         {
            db: "NVD",
            id: "CVE-2021-20523",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-968",
         },
      ],
   },
   id: "VAR-202107-0301",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T12:42:26.070000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6471895 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            title: "IBM Security Access Manager Remedial measures for debugging information disclosure vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156657",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009591",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-968",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-209",
            trust: 1,
         },
         {
            problemtype: "Information leakage due to error message (CWE-209) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009591",
         },
         {
            db: "NVD",
            id: "CVE-2021-20523",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/198660",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20523",
         },
         {
            trust: 0.6,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/209.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20523",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009591",
         },
         {
            db: "NVD",
            id: "CVE-2021-20523",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-968",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2021-20523",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009591",
         },
         {
            db: "NVD",
            id: "CVE-2021-20523",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-968",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-15T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20523",
         },
         {
            date: "2022-05-11T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-009591",
         },
         {
            date: "2021-07-15T18:15:08.957000",
            db: "NVD",
            id: "CVE-2021-20523",
         },
         {
            date: "2021-07-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-968",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-20T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20523",
         },
         {
            date: "2022-05-11T07:24:00",
            db: "JVNDB",
            id: "JVNDB-2021-009591",
         },
         {
            date: "2021-09-29T16:11:00.353000",
            db: "NVD",
            id: "CVE-2021-20523",
         },
         {
            date: "2021-07-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-968",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-968",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker  Information Leakage Vulnerability in Error Messages",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009591",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "debugging information leaks",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-968",
         },
      ],
      trust: 0.6,
   },
}

var-202401-2391
Vulnerability from variot

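IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653. Note that the structured record below gives the affected range as 10.0.0.0 up to, but excluding, 10.0.0.7, which does not cover the 10.0.6.1 named here; confirm the affected versions against the IBM bulletin (https://www.ibm.com/support/pages/node/7106586) before relying on the CPE range for version matching.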



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202401-2391",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access docker",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access",
            scope: "lt",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.7",
         },
         {
            model: "security verify access docker",
            scope: "lt",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.7",
         },
         {
            model: "security verify access",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-31001",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "10.0.0.7",
                        versionStartIncluding: "10.0.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access_docker:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "10.0.0.7",
                        versionStartIncluding: "10.0.0.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-31001",
         },
      ],
   },
   cve: "CVE-2023-31001",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.8,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 5.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.4,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2023-31001",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2023-31001",
                  trust: 1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-31001",
         },
         {
            db: "NVD",
            id: "CVE-2023-31001",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user.  IBM X-Force ID:  254653.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-31001",
         },
      ],
      trust: 1,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-31001",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-31001",
         },
      ],
   },
   id: "VAR-202401-2391",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.609333685,
   },
   last_update_date: "2024-03-07T22:52:24.051000Z",
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-257",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-31001",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254653",
         },
         {
            trust: 1,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-31001",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-31001",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-01-11T03:15:09.413000",
            db: "NVD",
            id: "CVE-2023-31001",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-01-18T17:06:28.277000",
            db: "NVD",
            id: "CVE-2023-31001",
         },
      ],
   },
}

var-202107-0296
Vulnerability from variot

IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980. The vendor has published this vulnerability as IBM X-Force ID: 197980. Information may be obtained.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0296",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009588",
         },
         {
            db: "NVD",
            id: "CVE-2021-20500",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20500",
         },
      ],
   },
   cve: "CVE-2021-20500",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 2.1,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 3.9,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "LOW",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Local",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 2.1,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2021-20500",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Low",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 0.8,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 4.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 0.8,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4.4,
                  baseSeverity: "Medium",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-20500",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "High",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-20500",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-20500",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202107-909",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-20500",
                  trust: 0.1,
                  value: "LOW",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20500",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009588",
         },
         {
            db: "NVD",
            id: "CVE-2021-20500",
         },
         {
            db: "NVD",
            id: "CVE-2021-20500",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-909",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980. The vendor has published this vulnerability as IBM X-Force ID: 197980. Information may be obtained.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20500",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009588",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-909",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20500",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-20500",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009588",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-909",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-20500",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20500",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009588",
         },
         {
            db: "NVD",
            id: "CVE-2021-20500",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-909",
         },
      ],
   },
   id: "VAR-202107-0296",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T13:32:35.449000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6471895 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            title: "IBM Security Access Manager Repair measures for information disclosure vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156602",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009588",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-909",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-noinfo",
            trust: 1,
         },
         {
            problemtype: "Leakage of resources to the wrong area (CWE-668) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009588",
         },
         {
            db: "NVD",
            id: "CVE-2021-20500",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/197980",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20500",
         },
         {
            trust: 0.6,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/668.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20500",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009588",
         },
         {
            db: "NVD",
            id: "CVE-2021-20500",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-909",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2021-20500",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009588",
         },
         {
            db: "NVD",
            id: "CVE-2021-20500",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-909",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-15T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20500",
         },
         {
            date: "2022-05-11T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-009588",
         },
         {
            date: "2021-07-15T18:15:08.840000",
            db: "NVD",
            id: "CVE-2021-20500",
         },
         {
            date: "2021-07-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-909",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-20T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20500",
         },
         {
            date: "2022-05-11T07:24:00",
            db: "JVNDB",
            id: "JVNDB-2021-009588",
         },
         {
            date: "2022-07-12T17:42:04.277000",
            db: "NVD",
            id: "CVE-2021-20500",
         },
         {
            date: "2022-07-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-909",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-909",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker  Vulnerability in Resource Leakage to Wrong Domain",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009588",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "information disclosure",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-909",
         },
      ],
      trust: 0.6,
   },
}

var-202402-0305
Vulnerability from variot

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man-in-the-middle techniques. IBM X-Force ID: 254765. The affected system may also be put into a denial-of-service (DoS) state.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202402-0305",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access docker",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access",
            scope: "lte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access docker",
            scope: "lte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.6.1",
         },
         {
            model: "security verify access docker",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "10.0.0.0  to  10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "10.0.0.0  to  10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "docker 10.0.0.0  to  10.0.6.1",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025837",
         },
         {
            db: "NVD",
            id: "CVE-2023-31004",
         },
      ],
   },
   cve: "CVE-2023-31004",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 9,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.2,
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "HIGH",
                  baseScore: 8.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.6,
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "High",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2023-31004",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Changed",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2023-31004",
                  trust: 1.8,
                  value: "CRITICAL",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2023-31004",
                  trust: 1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025837",
         },
         {
            db: "NVD",
            id: "CVE-2023-31004",
         },
         {
            db: "NVD",
            id: "CVE-2023-31004",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques.  IBM X-Force ID:  254765. (DoS) It may be in a state",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-31004",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025837",
         },
         {
            db: "VULMON",
            id: "CVE-2023-31004",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-31004",
            trust: 2.7,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025837",
            trust: 0.8,
         },
         {
            db: "VULMON",
            id: "CVE-2023-31004",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-31004",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025837",
         },
         {
            db: "NVD",
            id: "CVE-2023-31004",
         },
      ],
   },
   id: "VAR-202402-0305",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.609333685,
   },
   last_update_date: "2024-02-10T23:03:11.400000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "7106586 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025837",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-300",
            trust: 1,
         },
         {
            problemtype: "man-in-the-middle problem (CWE-300) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025837",
         },
         {
            db: "NVD",
            id: "CVE-2023-31004",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.1,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
         {
            trust: 1.1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254765",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-31004",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/300.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-31004",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025837",
         },
         {
            db: "NVD",
            id: "CVE-2023-31004",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2023-31004",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025837",
         },
         {
            db: "NVD",
            id: "CVE-2023-31004",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-03T00:00:00",
            db: "VULMON",
            id: "CVE-2023-31004",
         },
         {
            date: "2024-02-09T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2023-025837",
         },
         {
            date: "2024-02-03T01:15:08.060000",
            db: "NVD",
            id: "CVE-2023-31004",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-05T00:00:00",
            db: "VULMON",
            id: "CVE-2023-31004",
         },
         {
            date: "2024-02-09T01:14:00",
            db: "JVNDB",
            id: "JVNDB-2023-025837",
         },
         {
            date: "2024-02-07T14:42:18.943000",
            db: "NVD",
            id: "CVE-2023-31004",
         },
      ],
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM  of  Security Verify Access  and  Security Verify Access Docker  Man-in-the-middle vulnerability in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025837",
         },
      ],
      trust: 0.8,
   },
}

var-202402-1506
Vulnerability from variot

IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155. The affected system may also be put into a denial-of-service (DoS) state.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202402-1506",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "lte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.6.1",
         },
         {
            model: "security verify access",
            scope: "gte",
            trust: 1,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: "10.0.0.0  to  10.0.6.1",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025925",
         },
         {
            db: "NVD",
            id: "CVE-2023-43017",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "10.0.6.1",
                        versionStartIncluding: "10.0.0.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-43017",
         },
      ],
   },
   cve: "CVE-2023-43017",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 7.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.2,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "HIGH",
                  baseScore: 8.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.5,
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 7.2,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2023-43017",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "High",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2023-43017",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2023-43017",
                  trust: 1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025925",
         },
         {
            db: "NVD",
            id: "CVE-2023-43017",
         },
         {
            db: "NVD",
            id: "CVE-2023-43017",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access.  IBM X-Force ID:  266155. (DoS) It may be in a state",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-43017",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025925",
         },
      ],
      trust: 1.62,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-43017",
            trust: 2.6,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-025925",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025925",
         },
         {
            db: "NVD",
            id: "CVE-2023-43017",
         },
      ],
   },
   id: "VAR-202402-1506",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2024-02-16T22:51:30.771000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "7106586 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025925",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-295",
            trust: 1,
         },
         {
            problemtype: "Illegal certificate verification (CWE-295) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025925",
         },
         {
            db: "NVD",
            id: "CVE-2023-43017",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/266155",
         },
         {
            trust: 1,
            url: "https://www.ibm.com/support/pages/node/7106586",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-43017",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025925",
         },
         {
            db: "NVD",
            id: "CVE-2023-43017",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025925",
         },
         {
            db: "NVD",
            id: "CVE-2023-43017",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-14T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2023-025925",
         },
         {
            date: "2024-02-07T17:15:09.400000",
            db: "NVD",
            id: "CVE-2023-43017",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-02-14T02:56:00",
            db: "JVNDB",
            id: "JVNDB-2023-025925",
         },
         {
            date: "2024-02-10T04:01:04.533000",
            db: "NVD",
            id: "CVE-2023-43017",
         },
      ],
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Certificate validation vulnerability in IBM Security Verify Access",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-025925",
         },
      ],
      trust: 0.8,
   },
}

var-202201-0460
Vulnerability from variot

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040. The vendor has published this vulnerability as IBM X-Force ID: 212040. Information may be obtained. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication. An input validation error vulnerability exists in IBM Security Verify Access, which originates from an error in the configuration of a network system or product during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information about the affected components



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0460",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.2.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.1.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017524",
         },
         {
            db: "NVD",
            id: "CVE-2021-38957",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-38957",
         },
      ],
   },
   cve: "CVE-2021-38957",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2021-38957",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 3.1,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 1.6,
                  impactScore: 1.4,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 7.5,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-38957",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-38957",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-38957",
                  trust: 1,
                  value: "LOW",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202201-570",
                  trust: 0.6,
                  value: "LOW",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017524",
         },
         {
            db: "NVD",
            id: "CVE-2021-38957",
         },
         {
            db: "NVD",
            id: "CVE-2021-38957",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-570",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040. The vendor has published this vulnerability as IBM X-Force ID: 212040. Information may be obtained. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication.\nAn input validation error vulnerability exists in IBM Security Verify Access, which originates from an error in the configuration of a network system or product during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information about the affected components",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-38957",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-017524",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-570",
         },
      ],
      trust: 2.16,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-38957",
            trust: 3.2,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-017524",
            trust: 0.8,
         },
         {
            db: "CS-HELP",
            id: "SB2022011038",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-570",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017524",
         },
         {
            db: "NVD",
            id: "CVE-2021-38957",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-570",
         },
      ],
   },
   id: "VAR-202201-0460",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T10:52:37.090000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6538418 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6538418",
         },
         {
            title: "IBM Security Verify Access Enter the fix for the verification error vulnerability",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=178046",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017524",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-570",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-20",
            trust: 1,
         },
         {
            problemtype: "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017524",
         },
         {
            db: "NVD",
            id: "CVE-2021-38957",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.6,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/212040",
         },
         {
            trust: 1.6,
            url: "https://www.ibm.com/support/pages/node/6538418",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-38957",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2022011038",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017524",
         },
         {
            db: "NVD",
            id: "CVE-2021-38957",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-570",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017524",
         },
         {
            db: "NVD",
            id: "CVE-2021-38957",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-570",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-01-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-017524",
         },
         {
            date: "2022-01-10T14:10:20.650000",
            db: "NVD",
            id: "CVE-2021-38957",
         },
         {
            date: "2022-01-10T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202201-570",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-01-24T06:20:00",
            db: "JVNDB",
            id: "JVNDB-2021-017524",
         },
         {
            date: "2022-01-13T20:37:24.723000",
            db: "NVD",
            id: "CVE-2021-38957",
         },
         {
            date: "2022-02-09T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202201-570",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202201-570",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Input validation vulnerability in IBM Security Verify",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017524",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "input validation error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202201-570",
         },
      ],
      trust: 0.6,
   },
}

var-202207-0350
Vulnerability from variot

IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 225079. The vendor has published this vulnerability as IBM X-Force ID: 225079. Information may be obtained and information may be tampered with



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0350",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.3.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.2.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.1.0",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015279",
         },
         {
            db: "NVD",
            id: "CVE-2022-22463",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.3.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-22463",
         },
      ],
   },
   cve: "CVE-2022-22463",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 6.4,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 4.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 6.4,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2022-22463",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 3.9,
                  impactScore: 2.5,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 5.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1,
                  impactScore: 4,
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 6.5,
                  baseSeverity: "Medium",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2022-22463",
                  impactScore: null,
                  integrityImpact: "Low",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-22463",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2022-22463",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202207-654",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2022-22463",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-22463",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015279",
         },
         {
            db: "NVD",
            id: "CVE-2022-22463",
         },
         {
            db: "NVD",
            id: "CVE-2022-22463",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-654",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 225079. The vendor has published this vulnerability as IBM X-Force ID: 225079. Information may be obtained and information may be tampered with.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-22463",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015279",
         },
         {
            db: "VULMON",
            id: "CVE-2022-22463",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-22463",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015279",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-654",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-22463",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-22463",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015279",
         },
         {
            db: "NVD",
            id: "CVE-2022-22463",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-654",
         },
      ],
   },
   id: "VAR-202207-0350",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T13:17:17.178000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6601729 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6601729",
         },
         {
            title: "IBM Security Access Manager Appliance SQL Repair measures for injecting vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=200244",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015279",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-654",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-89",
            trust: 1,
         },
         {
            problemtype: "SQL injection (CWE-89) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015279",
         },
         {
            db: "NVD",
            id: "CVE-2022-22463",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6601729",
         },
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225079",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22463",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-22463/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/89.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-22463",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015279",
         },
         {
            db: "NVD",
            id: "CVE-2022-22463",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-654",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2022-22463",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-015279",
         },
         {
            db: "NVD",
            id: "CVE-2022-22463",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202207-654",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-07-08T00:00:00",
            db: "VULMON",
            id: "CVE-2022-22463",
         },
         {
            date: "2023-09-26T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-015279",
         },
         {
            date: "2022-07-08T18:15:09.573000",
            db: "NVD",
            id: "CVE-2022-22463",
         },
         {
            date: "2022-07-08T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202207-654",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-07-16T00:00:00",
            db: "VULMON",
            id: "CVE-2022-22463",
         },
         {
            date: "2023-09-26T07:07:00",
            db: "JVNDB",
            id: "JVNDB-2022-015279",
         },
         {
            date: "2022-07-16T01:22:11.270000",
            db: "NVD",
            id: "CVE-2022-22463",
         },
         {
            date: "2022-07-19T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202207-654",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202207-654",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Access Manager Appliance  In  SQL  Injection vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-015279",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "SQL injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202207-654",
         },
      ],
      trust: 0.6,
   },
}

var-202107-0305
Vulnerability from variot

IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 198918. The vendor has published this vulnerability as IBM X-Force ID: 198918. Information may be obtained.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0305",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "10.0.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009595",
         },
         {
            db: "NVD",
            id: "CVE-2021-20537",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20537",
         },
      ],
   },
   cve: "CVE-2021-20537",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "Single",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2021-20537",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 6.5,
                  baseSeverity: "Medium",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-20537",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-20537",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-20537",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202107-949",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-20537",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20537",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009595",
         },
         {
            db: "NVD",
            id: "CVE-2021-20537",
         },
         {
            db: "NVD",
            id: "CVE-2021-20537",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-949",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 198918. The vendor has published this vulnerability as IBM X-Force ID: 198918. Information may be obtained.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20537",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009595",
         },
         {
            db: "VULMON",
            id: "CVE-2021-20537",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-20537",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009595",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-949",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-20537",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20537",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009595",
         },
         {
            db: "NVD",
            id: "CVE-2021-20537",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-949",
         },
      ],
   },
   id: "VAR-202107-0305",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.21866737,
   },
   last_update_date: "2023-12-18T12:16:21.841000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6471895 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            title: "IBM iConnect Access Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156638",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009595",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-949",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-798",
            trust: 1,
         },
         {
            problemtype: "Using hardcoded credentials (CWE-798) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009595",
         },
         {
            db: "NVD",
            id: "CVE-2021-20537",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/198918",
         },
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6471895",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20537",
         },
         {
            trust: 0.6,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/798.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-20537",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009595",
         },
         {
            db: "NVD",
            id: "CVE-2021-20537",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-949",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2021-20537",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-009595",
         },
         {
            db: "NVD",
            id: "CVE-2021-20537",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202107-949",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-15T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20537",
         },
         {
            date: "2022-05-11T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-009595",
         },
         {
            date: "2021-07-15T18:15:09.110000",
            db: "NVD",
            id: "CVE-2021-20537",
         },
         {
            date: "2021-07-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-949",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-20T00:00:00",
            db: "VULMON",
            id: "CVE-2021-20537",
         },
         {
            date: "2022-05-11T07:24:00",
            db: "JVNDB",
            id: "JVNDB-2021-009595",
         },
         {
            date: "2021-09-29T16:11:55.650000",
            db: "NVD",
            id: "CVE-2021-20537",
         },
         {
            date: "2021-07-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202107-949",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-949",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access Docker  Vulnerability in Using Hard Coded Credentials",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-009595",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "trust management problem",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202107-949",
         },
      ],
      trust: 0.6,
   },
}

var-202106-0505
Vulnerability from variot

IBM Security Verify Access 20.07 allows web pages to be stored locally, where they can be read by another user on the system. X-Force ID: 199278. The vendor has published this vulnerability as IBM X-Force ID: 199278. Information may be obtained. IBM Application Gateway is an application gateway from IBM Corporation in the United States. It provides a containerized secure Web reverse proxy, which is designed to sit in front of your application and seamlessly add authentication and authorization protection to it. Attackers may use this vulnerability to obtain sensitive information.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202106-0505",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "application gateway",
            scope: null,
            trust: 1.4,
            vendor: "ibm",
            version: null,
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 1,
            vendor: "ibm",
            version: "20.07",
         },
         {
            model: "application gateway",
            scope: "eq",
            trust: 1,
            vendor: "ibm",
            version: "1.0",
         },
         {
            model: "security verify access",
            scope: null,
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-39673",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-007390",
         },
         {
            db: "NVD",
            id: "CVE-2021-20575",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:application_gateway:1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:20.07:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20575",
         },
      ],
   },
   cve: "CVE-2021-20575",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 2.1,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 3.9,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "LOW",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Local",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 2.1,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2021-20575",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Low",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 2.1,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 3.9,
                  id: "CNVD-2021-39673",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "LOW",
                  trust: 0.6,
                  vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "NONE",
                  baseScore: 2.1,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 3.9,
                  id: "VHN-378251",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "LOW",
                  trust: 0.1,
                  vectorString: "AV:L/AC:L/AU:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 3.3,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 1.8,
                  impactScore: 1.4,
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "NONE",
                  baseScore: 4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 2.5,
                  impactScore: 1.4,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 3.3,
                  baseSeverity: "Low",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2021-20575",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-20575",
                  trust: 1.8,
                  value: "LOW",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-20575",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2021-39673",
                  trust: 0.6,
                  value: "LOW",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202105-1990",
                  trust: 0.6,
                  value: "LOW",
               },
               {
                  author: "VULHUB",
                  id: "VHN-378251",
                  trust: 0.1,
                  value: "LOW",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-39673",
         },
         {
            db: "VULHUB",
            id: "VHN-378251",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-007390",
         },
         {
            db: "NVD",
            id: "CVE-2021-20575",
         },
         {
            db: "NVD",
            id: "CVE-2021-20575",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-1990",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278. Vendor exploits this vulnerability IBM X-Force ID: 199278 Is published as.Information may be obtained. IBM Application Gateway is an application gateway of IBM Corporation in the United States. Provides a containerized secure Web reverse proxy, which is designed to be in front of your application and seamlessly add authentication and authorization protection to your application. Attackers may use this vulnerability to obtain sensitive information",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20575",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-007390",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-39673",
         },
         {
            db: "VULHUB",
            id: "VHN-378251",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-20575",
            trust: 3.9,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-007390",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-1990",
            trust: 0.7,
         },
         {
            db: "CNVD",
            id: "CNVD-2021-39673",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-378251",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-39673",
         },
         {
            db: "VULHUB",
            id: "VHN-378251",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-007390",
         },
         {
            db: "NVD",
            id: "CVE-2021-20575",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-1990",
         },
      ],
   },
   id: "VAR-202106-0505",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-39673",
         },
         {
            db: "VULHUB",
            id: "VHN-378251",
         },
      ],
      trust: 1.13076225,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-39673",
         },
      ],
   },
   last_update_date: "2023-12-18T13:07:10.132000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6457315 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6457315",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-007390",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-922",
            trust: 1,
         },
         {
            problemtype: "Insecure storage of important information (CWE-922) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-007390",
         },
         {
            db: "NVD",
            id: "CVE-2021-20575",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6457315",
         },
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199278",
         },
         {
            trust: 1.2,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-resolved-in-ibm-application-gateway-cve-2021-20576-cve-2021-20575-cve-2021-29665/",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20575",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-39673",
         },
         {
            db: "VULHUB",
            id: "VHN-378251",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-007390",
         },
         {
            db: "NVD",
            id: "CVE-2021-20575",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-1990",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2021-39673",
         },
         {
            db: "VULHUB",
            id: "VHN-378251",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-007390",
         },
         {
            db: "NVD",
            id: "CVE-2021-20575",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-1990",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-06-05T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-39673",
         },
         {
            date: "2021-06-01T00:00:00",
            db: "VULHUB",
            id: "VHN-378251",
         },
         {
            date: "2022-02-09T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-007390",
         },
         {
            date: "2021-06-01T14:15:08.593000",
            db: "NVD",
            id: "CVE-2021-20575",
         },
         {
            date: "2021-05-28T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202105-1990",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-06T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-39673",
         },
         {
            date: "2021-06-07T00:00:00",
            db: "VULHUB",
            id: "VHN-378251",
         },
         {
            date: "2022-02-09T09:07:00",
            db: "JVNDB",
            id: "JVNDB-2021-007390",
         },
         {
            date: "2021-06-07T15:40:54.940000",
            db: "NVD",
            id: "CVE-2021-20575",
         },
         {
            date: "2021-06-08T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202105-1990",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202105-1990",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access  Vulnerability in insecure storage of important information in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-007390",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202105-1990",
         },
      ],
      trust: 0.6,
   },
}

var-202106-0506
Vulnerability from variot

IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. IBM Security Verify Access contains an unspecified vulnerability. It may be put into a denial of service (DoS) state. IBM Application Gateway is an application gateway from IBM Corporation in the United States. It provides a containerized secure Web reverse proxy, which is designed to sit in front of your application and seamlessly add authentication and authorization protection to it.

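An information disclosure vulnerability exists in IBM Application Gateway. The vulnerability stems from the fact that the program allows web pages to be stored locally, where other users on the system can read them. Attackers may use this vulnerability to obtain sensitive information. Note that this paragraph matches the local information-disclosure issue recorded on this page as var-202106-0505 (CVE-2021-20575), not the remote crash described above for CVE-2021-20576. The record below also carries a CNVD-2021-39673 CVSS entry with a local vector (AV:L, C:P) that conflicts with the NVD network vector (AV:N, A:P), so the CNVD-derived fields appear to be mis-associated and should be checked against the NVD entry when triaging.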



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202106-0506",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "security verify access",
            scope: "eq",
            trust: 1.8,
            vendor: "ibm",
            version: "20.07",
         },
         {
            model: "application gateway",
            scope: "eq",
            trust: 1,
            vendor: "ibm",
            version: "1.0",
         },
         {
            model: "security verify access",
            scope: "eq",
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
         {
            model: "application gateway",
            scope: null,
            trust: 0.6,
            vendor: "ibm",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-39673",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-001973",
         },
         {
            db: "NVD",
            id: "CVE-2021-20576",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:application_gateway:1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ibm:security_verify_access:20.07:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20576",
         },
      ],
   },
   cve: "CVE-2021-20576",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 5,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 10,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 5,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2021-20576",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 2.1,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 3.9,
                  id: "CNVD-2021-39673",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "LOW",
                  trust: 0.6,
                  vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "PARTIAL",
                  baseScore: 5,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 10,
                  id: "VHN-378252",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 3.9,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "psirt@us.ibm.com",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 3.9,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 7.5,
                  baseSeverity: "High",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2021-20576",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-20576",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "psirt@us.ibm.com",
                  id: "CVE-2021-20576",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2021-39673",
                  trust: 0.6,
                  value: "LOW",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202105-1991",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULHUB",
                  id: "VHN-378252",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-39673",
         },
         {
            db: "VULHUB",
            id: "VHN-378252",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-001973",
         },
         {
            db: "NVD",
            id: "CVE-2021-20576",
         },
         {
            db: "NVD",
            id: "CVE-2021-20576",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-1991",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. IBM Security Verify Access contains an unspecified vulnerability. It may be put into a denial of service (DoS) state. IBM Application Gateway is an application gateway of IBM Corporation in the United States. It provides a containerized secure Web reverse proxy, which is designed to be in front of your application and seamlessly add authentication and authorization protection to your application. \n\r\n\r\nAn information disclosure vulnerability exists in IBM Application Gateway. The vulnerability stems from the fact that the program allows web pages to be stored locally for other users on the system to read. Attackers may use this vulnerability to obtain sensitive information",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-20576",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-001973",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-39673",
         },
         {
            db: "VULHUB",
            id: "VHN-378252",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-20576",
            trust: 3.1,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-001973",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-1991",
            trust: 0.7,
         },
         {
            db: "CNVD",
            id: "CNVD-2021-39673",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-378252",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-39673",
         },
         {
            db: "VULHUB",
            id: "VHN-378252",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-001973",
         },
         {
            db: "NVD",
            id: "CVE-2021-20576",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-1991",
         },
      ],
   },
   id: "VAR-202106-0506",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-39673",
         },
         {
            db: "VULHUB",
            id: "VHN-378252",
         },
      ],
      trust: 1.13076225,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-39673",
         },
      ],
   },
   last_update_date: "2023-12-18T13:07:10.104000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "6457315 IBM X-Force Exchange",
            trust: 0.8,
            url: "https://www.ibm.com/support/pages/node/6457315",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-001973",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-noinfo",
            trust: 1,
         },
         {
            problemtype: "Lack of information (CWE-noinfo) [NVD Evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-001973",
         },
         {
            db: "NVD",
            id: "CVE-2021-20576",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://www.ibm.com/support/pages/node/6457315",
         },
         {
            trust: 1.7,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199280",
         },
         {
            trust: 1.2,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-resolved-in-ibm-application-gateway-cve-2021-20576-cve-2021-20575-cve-2021-29665/",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-20576",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-39673",
         },
         {
            db: "VULHUB",
            id: "VHN-378252",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-001973",
         },
         {
            db: "NVD",
            id: "CVE-2021-20576",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-1991",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2021-39673",
         },
         {
            db: "VULHUB",
            id: "VHN-378252",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-001973",
         },
         {
            db: "NVD",
            id: "CVE-2021-20576",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202105-1991",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-06-05T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-39673",
         },
         {
            date: "2021-06-01T00:00:00",
            db: "VULHUB",
            id: "VHN-378252",
         },
         {
            date: "2021-07-06T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-001973",
         },
         {
            date: "2021-06-01T14:15:08.630000",
            db: "NVD",
            id: "CVE-2021-20576",
         },
         {
            date: "2021-05-28T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202105-1991",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-07-06T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-39673",
         },
         {
            date: "2021-06-04T00:00:00",
            db: "VULHUB",
            id: "VHN-378252",
         },
         {
            date: "2021-07-06T08:12:00",
            db: "JVNDB",
            id: "JVNDB-2021-001973",
         },
         {
            date: "2021-06-04T18:29:45.303000",
            db: "NVD",
            id: "CVE-2021-20576",
         },
         {
            date: "2021-06-07T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202105-1991",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202105-1991",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Vulnerability in IBM Security Verify Access",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-001973",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202105-1991",
         },
      ],
      trust: 0.6,
   },
}

cve-2024-45647
Vulnerability from cvelistv5
Published
2025-01-20 14:50
Modified
2025-01-21 20:08
Summary
IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow an unverified user to change the password of an expired user without prior knowledge of that password.
Impacted products
Vendor Product Version
IBM Security Verify Access Version: 10.0.0    10.0.8
    cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*
   IBM Security Verify Access Docker Version: 10.0.0    10.0.8
    cpe:2.3:a:ibm:security_verify_access_docker:10.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:security_verify_access_docker:10.0.8:*:*:*:*:*:*:*


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-45647",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-21T20:07:29.261341Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-21T20:08:31.459Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               cpes: [
                  "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*",
               ],
               defaultStatus: "unaffected",
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     lessThanOrEqual: "10.0.8",
                     status: "affected",
                     version: "10.0.0",
                     versionType: "semver",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:a:ibm:security_verify_access_docker:10.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:ibm:security_verify_access_docker:10.0.8:*:*:*:*:*:*:*",
               ],
               defaultStatus: "unaffected",
               product: "Security Verify Access Docker",
               vendor: "IBM",
               versions: [
                  {
                     lessThanOrEqual: "10.0.8",
                     status: "affected",
                     version: "10.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password.",
                  },
               ],
               value: "IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-620",
                     description: "CWE-620 Unverified Password Change",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-01-20T14:50:54.184Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               url: "https://www.ibm.com/support/pages/node/7176212",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Security Verify Access unverified password change",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2024-45647",
      datePublished: "2025-01-20T14:50:54.184Z",
      dateReserved: "2024-09-03T13:50:17.060Z",
      dateUpdated: "2025-01-21T20:08:31.459Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-4660
Vulnerability from cvelistv5
Published
2020-10-12 13:05
Modified
2024-09-16 22:08
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T08:07:49.107Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6346619",
               },
               {
                  name: "ibm-sam-cve20204660-info-disc (186140)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186140",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Security Access Manager",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "9.0.7",
                  },
               ],
            },
            {
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.0.0",
                  },
               ],
            },
         ],
         datePublic: "2020-10-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 4.6,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:A/A:N/PR:N/UI:N/S:U/C:H/I:N/AC:H/RC:C/RL:O/E:U",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Obtain Information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-10-12T13:05:34",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6346619",
            },
            {
               name: "ibm-sam-cve20204660-info-disc (186140)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186140",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2020-10-08T00:00:00",
               ID: "CVE-2020-4660",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Security Access Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "9.0.7",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Security Verify Access",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "10.0.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "H",
                     AV: "A",
                     C: "H",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Obtain Information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6346619",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6346619 (Security Verify Access)",
                     url: "https://www.ibm.com/support/pages/node/6346619",
                  },
                  {
                     name: "ibm-sam-cve20204660-info-disc (186140)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186140",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2020-4660",
      datePublished: "2020-10-12T13:05:34.819706Z",
      dateReserved: "2019-12-30T00:00:00",
      dateUpdated: "2024-09-16T22:08:58.203Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-43740
Vulnerability from cvelistv5
Published
2023-10-14 15:13
Modified
2024-09-16 20:04
Summary
IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 238921.
Impacted products
Vendor Product Version
IBM Security Verify Access Version: OIDC Provider


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T13:40:06.434Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7028513",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238921",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-43740",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-16T20:04:24.691263Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-16T20:04:37.403Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "OIDC Provider",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption.  IBM X-Force ID:  238921.",
                  },
               ],
               value: "IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption.  IBM X-Force ID:  238921.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-400",
                     description: "CWE-400 Uncontrolled Resource Consumption",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-14T15:13:27.562Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7028513",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238921",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Security Verify Access denial of service",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2022-43740",
      datePublished: "2023-10-14T15:13:27.562Z",
      dateReserved: "2022-10-25T17:36:35.656Z",
      dateUpdated: "2024-09-16T20:04:37.403Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-22463
Vulnerability from cvelistv5
Published
2022-07-08 17:45
Modified
2024-09-16 16:38
Summary
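IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 225079. [Note: the CVSS 3.0 vector in this record gives the attack vector as ADJACENT_NETWORK with high privileges required, and scores integrity and availability impact as NONE, which is narrower than the wording of this description; confirm against the vendor bulletin when prioritising.]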
Impacted products
Vendor Product Version
IBM Security Verify Access Version: 10.0.2.0
Version: 10.0.0.0
Version: 10.0.1.0
Version: 10.0.3.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T03:14:55.220Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6601729",
               },
               {
                  name: "ibm-sam-cve202222463-sql-injection (225079)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225079",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.0.2.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.0.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.1.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.3.0",
                  },
               ],
            },
         ],
         datePublic: "2022-07-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 225079.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "CHANGED",
                  temporalScore: 4.7,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/C:H/PR:H/A:N/AC:H/AV:A/S:C/UI:N/I:N/RL:O/RC:C/E:U",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Data Manipulation",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-08T17:45:20",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6601729",
            },
            {
               name: "ibm-sam-cve202222463-sql-injection (225079)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225079",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2022-07-06T00:00:00",
               ID: "CVE-2022-22463",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Security Verify Access",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "10.0.2.0",
                                       },
                                       {
                                          version_value: "10.0.0.0",
                                       },
                                       {
                                          version_value: "10.0.1.0",
                                       },
                                       {
                                          version_value: "10.0.3.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 225079.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "H",
                     AV: "A",
                     C: "H",
                     I: "N",
                     PR: "H",
                     S: "C",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Data Manipulation",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6601729",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6601729 (Security Verify Access)",
                     url: "https://www.ibm.com/support/pages/node/6601729",
                  },
                  {
                     name: "ibm-sam-cve202222463-sql-injection (225079)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225079",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2022-22463",
      datePublished: "2022-07-08T17:45:21.020316Z",
      dateReserved: "2022-01-03T00:00:00",
      dateUpdated: "2024-09-16T16:38:44.289Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-20576
Vulnerability from cvelistv5
Published
2021-05-31 14:50
Modified
2024-09-16 23:36
Summary
IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:45:44.699Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6457315",
               },
               {
                  name: "ibm-appgateway-cve202120576-dos (199280)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199280",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "20.07",
                  },
               ],
            },
         ],
         datePublic: "2021-05-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 6.5,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/PR:N/S:U/C:N/AC:L/A:H/I:N/UI:N/E:U/RC:C/RL:O",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Denial of Service",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-05-31T14:50:17",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6457315",
            },
            {
               name: "ibm-appgateway-cve202120576-dos (199280)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199280",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2021-05-28T00:00:00",
               ID: "CVE-2021-20576",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Security Verify Access",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "20.07",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "H",
                     AC: "L",
                     AV: "N",
                     C: "N",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Denial of Service",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6457315",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6457315 (Security Verify Access)",
                     url: "https://www.ibm.com/support/pages/node/6457315",
                  },
                  {
                     name: "ibm-appgateway-cve202120576-dos (199280)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199280",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2021-20576",
      datePublished: "2021-05-31T14:50:17.494688Z",
      dateReserved: "2020-12-17T00:00:00",
      dateUpdated: "2024-09-16T23:36:00.300Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-49805
Vulnerability from cvelistv5
Published
2024-11-29 16:52
Modified
2024-11-29 17:09
Severity ?
Summary
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Impacted products
Vendor Product Version
IBM Security Verify Access Version: 10.0.0 through 10.0.8 (inclusive)
    cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-49805",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-29T17:02:39.412885Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-29T17:09:49.677Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               cpes: [
                  "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*",
               ],
               defaultStatus: "unaffected",
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     lessThanOrEqual: "10.0.8",
                     status: "affected",
                     version: "10.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Security Verify Access Appliance 10.0.0 through 10.0.8 \n\n<span style=\"background-color: rgb(255, 255, 255);\">contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.</span>\n\n</span>",
                  },
               ],
               value: "IBM Security Verify Access Appliance 10.0.0 through 10.0.8 \n\ncontains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 9.4,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-798",
                     description: "CWE-798 Use of Hard-coded Credentials",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-11-29T16:55:50.852Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               url: "https://www.ibm.com/support/pages/node/7177447",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Security Verify Access Appliance hard coded credentials",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2024-49805",
      datePublished: "2024-11-29T16:52:15.174Z",
      dateReserved: "2024-10-20T13:40:24.084Z",
      dateUpdated: "2024-11-29T17:09:49.677Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-29665
Vulnerability from cvelistv5
Published
2021-05-31 14:50
Modified
2024-09-17 00:21
Summary
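IBM Security Verify Access 20.07 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking, which could allow a local attacker to execute arbitrary code on the system with elevated privileges. [Note: the CVSS 3.0 vector in this record gives the attack vector as NETWORK (AV:N), which does not match the "local attacker" wording of this description; confirm the exposure against the vendor bulletin.]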
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T22:11:06.343Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6457315",
               },
               {
                  name: "ibm-ag-cve202129665-bo (199399)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199399",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "20.07",
                  },
               ],
            },
         ],
         datePublic: "2021-05-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "CHANGED",
                  temporalScore: 7.8,
                  temporalSeverity: "HIGH",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/A:H/I:H/UI:N/AV:N/PR:N/C:H/S:C/AC:H/RC:C/E:U/RL:O",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Gain Privileges",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-05-31T14:50:18",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6457315",
            },
            {
               name: "ibm-ag-cve202129665-bo (199399)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199399",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2021-05-28T00:00:00",
               ID: "CVE-2021-29665",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Security Verify Access",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "20.07",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "H",
                     AC: "H",
                     AV: "N",
                     C: "H",
                     I: "H",
                     PR: "N",
                     S: "C",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Gain Privileges",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6457315",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6457315 (Security Verify Access)",
                     url: "https://www.ibm.com/support/pages/node/6457315",
                  },
                  {
                     name: "ibm-ag-cve202129665-bo (199399)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199399",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2021-29665",
      datePublished: "2021-05-31T14:50:18.877701Z",
      dateReserved: "2021-03-31T00:00:00",
      dateUpdated: "2024-09-17T00:21:32.420Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36775
Vulnerability from cvelistv5
Published
2023-02-17 16:22
Modified
2025-03-12 20:07
Summary
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and 10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576.
Impacted products
Vendor Product Version
IBM Security Verify Access Version: 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, 10.0.4.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:14:28.496Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6953617",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/233576",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-36775",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-03-12T20:07:40.499885Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-03-12T20:07:43.499Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Security Verify Access ",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, 10.0.4.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.  IBM X-Force ID:  233576.",
                  },
               ],
               value: "IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.  IBM X-Force ID:  233576.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "644 Improper Neutralization of HTTP Headers for Scripting Syntax",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-02-17T16:22:46.450Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/6953617",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/233576",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Security Verify Access HOST header injection",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2022-36775",
      datePublished: "2023-02-17T16:22:46.450Z",
      dateReserved: "2022-07-26T14:04:17.547Z",
      dateUpdated: "2025-03-12T20:07:43.499Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-22311
Vulnerability from cvelistv5
Published
2022-03-31 17:30
Modified
2024-09-16 20:01
Summary
IBM Security Verify Access could allow a user, using man-in-the-middle techniques, to obtain sensitive information or possibly change some information due to improper validation of JWT tokens.
Impacted products
Vendor Product Version
IBM Security Verify Access Version: 10.0.0
Version: 10.0.1
Version: 10.0.2
Version: 10.0.3


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T03:07:50.289Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6568043",
               },
               {
                  name: "ibm-sv-cve202222311-improper-validation (217226)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/217226",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.0.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.1",
                  },
                  {
                     status: "affected",
                     version: "10.0.2",
                  },
                  {
                     status: "affected",
                     version: "10.0.3",
                  },
               ],
            },
         ],
         datePublic: "2022-03-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validiation of JWT tokens.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 4.2,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AC:H/PR:N/A:N/S:U/UI:N/I:L/AV:N/C:L/RL:O/RC:C/E:U",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Gain Access",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-03-31T17:30:17",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6568043",
            },
            {
               name: "ibm-sv-cve202222311-improper-validation (217226)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/217226",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2022-03-30T00:00:00",
               ID: "CVE-2022-22311",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Security Verify Access",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "10.0.0",
                                       },
                                       {
                                          version_value: "10.0.1",
                                       },
                                       {
                                          version_value: "10.0.2",
                                       },
                                       {
                                          version_value: "10.0.3",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validiation of JWT tokens.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "H",
                     AV: "N",
                     C: "L",
                     I: "L",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Gain Access",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6568043",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6568043 (Security Verify Access)",
                     url: "https://www.ibm.com/support/pages/node/6568043",
                  },
                  {
                     name: "ibm-sv-cve202222311-improper-validation (217226)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/217226",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2022-22311",
      datePublished: "2022-03-31T17:30:17.724311Z",
      dateReserved: "2022-01-03T00:00:00",
      dateUpdated: "2024-09-16T20:01:49.457Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-20575
Vulnerability from cvelistv5
Published
2021-05-31 14:50
Modified
2024-09-16 23:25
Summary
IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:45:44.459Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6457315",
               },
               {
                  name: "ibm-appgateway-cve202120575-info-disc (199278)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199278",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "20.07",
                  },
               ],
            },
         ],
         datePublic: "2021-05-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 3.5,
                  temporalSeverity: "LOW",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AC:L/AV:L/C:L/S:U/PR:N/UI:N/I:N/A:N/RC:C/E:U/RL:O",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Obtain Information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-05-31T14:50:16",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6457315",
            },
            {
               name: "ibm-appgateway-cve202120575-info-disc (199278)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199278",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2021-05-28T00:00:00",
               ID: "CVE-2021-20575",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Security Verify Access",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "20.07",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "L",
                     AV: "L",
                     C: "L",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Obtain Information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6457315",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6457315 (Security Verify Access)",
                     url: "https://www.ibm.com/support/pages/node/6457315",
                  },
                  {
                     name: "ibm-appgateway-cve202120575-info-disc (199278)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199278",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2021-20575",
      datePublished: "2021-05-31T14:50:16.841661Z",
      dateReserved: "2020-12-17T00:00:00",
      dateUpdated: "2024-09-16T23:25:46.202Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-22465
Vulnerability from cvelistv5
Published
2022-07-08 17:45
Modified
2024-09-17 00:21
Summary
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082.
Impacted products
Vendor Product Version
IBM Security Verify Access Version: 10.0.2.0
Version: 10.0.0.0
Version: 10.0.1.0
Version: 10.0.3.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T03:14:55.275Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6601729",
               },
               {
                  name: "ibm-sam-cve202222465-priv-escalation (225082)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225082",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.0.2.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.0.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.1.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.3.0",
                  },
               ],
            },
         ],
         datePublic: "2022-07-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 5.5,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AC:H/PR:L/A:N/C:H/I:H/S:U/UI:N/AV:L/E:U/RL:O/RC:C",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Gain Privileges",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-08T17:45:24",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6601729",
            },
            {
               name: "ibm-sam-cve202222465-priv-escalation (225082)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225082",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2022-07-06T00:00:00",
               ID: "CVE-2022-22465",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Security Verify Access",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "10.0.2.0",
                                       },
                                       {
                                          version_value: "10.0.0.0",
                                       },
                                       {
                                          version_value: "10.0.1.0",
                                       },
                                       {
                                          version_value: "10.0.3.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "H",
                     AV: "L",
                     C: "H",
                     I: "H",
                     PR: "L",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Gain Privileges",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6601729",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6601729 (Security Verify Access)",
                     url: "https://www.ibm.com/support/pages/node/6601729",
                  },
                  {
                     name: "ibm-sam-cve202222465-priv-escalation (225082)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225082",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2022-22465",
      datePublished: "2022-07-08T17:45:24.113826Z",
      dateReserved: "2022-01-03T00:00:00",
      dateUpdated: "2024-09-17T00:21:39.697Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-4661
Vulnerability from cvelistv5
Published
2020-10-12 13:05
Modified
2024-09-16 17:38
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side-channel attacks, which could aid in further attacks against the system. IBM X-Force ID: 186142.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T08:07:49.113Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6346619",
               },
               {
                  name: "ibm-sam-cve20204661-info-disc (186142)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186142",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Security Access Manager",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "9.0.7",
                  },
               ],
            },
            {
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.0.0",
                  },
               ],
            },
         ],
         datePublic: "2020-10-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 4.6,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AC:H/I:N/C:H/UI:N/S:U/PR:N/A:N/AV:A/RL:O/RC:C/E:U",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Obtain Information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-10-12T13:05:35",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6346619",
            },
            {
               name: "ibm-sam-cve20204661-info-disc (186142)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186142",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2020-10-08T00:00:00",
               ID: "CVE-2020-4661",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Security Access Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "9.0.7",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Security Verify Access",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "10.0.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "H",
                     AV: "A",
                     C: "H",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Obtain Information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6346619",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6346619 (Security Verify Access)",
                     url: "https://www.ibm.com/support/pages/node/6346619",
                  },
                  {
                     name: "ibm-sam-cve20204661-info-disc (186142)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186142",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2020-4661",
      datePublished: "2020-10-12T13:05:35.256777Z",
      dateReserved: "2019-12-30T00:00:00",
      dateUpdated: "2024-09-16T17:38:55.445Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-38956
Vulnerability from cvelistv5
Published
2022-01-07 17:55
Modified
2024-09-16 16:17
Summary
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038
Impacted products
Vendor Product Version
IBM Security Verify Access Version: 10.0.0
Version: 10.0.2.0
Version: 10.0.1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T01:51:20.834Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6538418",
               },
               {
                  name: "ibm-sv-cve202138956-info-disc (212038)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/212038",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.0.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.2.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.1.0",
                  },
               ],
            },
         ],
         datePublic: "2022-01-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 4.6,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AC:L/C:L/I:N/A:N/S:U/UI:N/PR:N/AV:N/RC:C/RL:O/E:U",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Obtain Information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-01-07T17:55:24",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6538418",
            },
            {
               name: "ibm-sv-cve202138956-info-disc (212038)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/212038",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2022-01-06T00:00:00",
               ID: "CVE-2021-38956",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Security Verify Access",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "10.0.0",
                                       },
                                       {
                                          version_value: "10.0.2.0",
                                       },
                                       {
                                          version_value: "10.0.1.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "L",
                     AV: "N",
                     C: "L",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Obtain Information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6538418",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6538418 (Security Verify Access)",
                     url: "https://www.ibm.com/support/pages/node/6538418",
                  },
                  {
                     name: "ibm-sv-cve202138956-info-disc (212038)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/212038",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2021-38956",
      datePublished: "2022-01-07T17:55:24.652375Z",
      dateReserved: "2021-08-16T00:00:00",
      dateUpdated: "2024-09-16T16:17:38.644Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-31883
Vulnerability from cvelistv5
Published
2024-06-27 15:50
Modified
2024-08-02 01:59
Summary
IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615.
Impacted products
Vendor Product Version
IBM Security Verify Access Version: 10.0.0.0 through 10.0.7.1
    cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:security_verify_access:10.0.7.1:*:*:*:*:*:*:*


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-31883",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-06-27T17:23:26.234798Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-27T17:23:32.454Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T01:59:50.071Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7158789",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/287615",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               cpes: [
                  "cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:ibm:security_verify_access:10.0.7.1:*:*:*:*:*:*:*",
               ],
               defaultStatus: "unaffected",
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     lessThanOrEqual: "10.0.7.1",
                     status: "affected",
                     version: "10.0.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption.   IBM X-Force ID:  287615.",
                  },
               ],
               value: "IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption.   IBM X-Force ID:  287615.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-703",
                     description: "CWE-703 Improper Check or Handling of Exceptional Conditions",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-06-27T15:50:52.220Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7158789",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/287615",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Security Verify Access denial of service",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2024-31883",
      datePublished: "2024-06-27T15:50:52.220Z",
      dateReserved: "2024-04-07T12:44:46.961Z",
      dateUpdated: "2024-08-02T01:59:50.071Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-43868
Vulnerability from cvelistv5
Published
2023-10-14 15:28
Modified
2024-09-16 20:03
Summary
IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system. IBM X-Force ID: 239445.
Impacted products
Vendor Product Version
IBM Security Verify Access Version: OIDC Provider


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T13:40:06.872Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7028513",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/239445",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-43868",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-16T20:03:27.647309Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-16T20:03:34.983Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "OIDC Provider",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system.  IBM X-Force ID:  239445.",
                  },
               ],
               value: "IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system.  IBM X-Force ID:  239445.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-200",
                     description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-14T15:28:03.271Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7028513",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/239445",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Security Verify Access information disclosure",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2022-43868",
      datePublished: "2023-10-14T15:28:03.271Z",
      dateReserved: "2022-10-26T15:46:22.824Z",
      dateUpdated: "2024-09-16T20:03:34.983Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-4552
Vulnerability from cvelistv5
Published
2020-10-15 12:40
Modified
2024-09-16 19:25
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T19:40:48.337Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6348046",
               },
               {
                  name: "ibm-sam-cve20194552-response-splitting (165960)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/165960",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.0.0",
                  },
               ],
            },
            {
               product: "Security Access Manager",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "9.0.7",
                  },
               ],
            },
         ],
         datePublic: "2020-10-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "CHANGED",
                  temporalScore: 5.3,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/C:L/PR:N/A:N/S:C/I:L/UI:R/AC:L/RL:O/RC:C/E:U",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Gain Access",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-10-15T12:40:20",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6348046",
            },
            {
               name: "ibm-sam-cve20194552-response-splitting (165960)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/165960",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2020-10-14T00:00:00",
               ID: "CVE-2019-4552",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Security Verify Access",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "10.0.0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Security Access Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "9.0.7",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "L",
                     AV: "N",
                     C: "L",
                     I: "L",
                     PR: "N",
                     S: "C",
                     UI: "R",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Gain Access",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6348046",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6348046 (Security Access Manager)",
                     url: "https://www.ibm.com/support/pages/node/6348046",
                  },
                  {
                     name: "ibm-sam-cve20194552-response-splitting (165960)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/165960",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2019-4552",
      datePublished: "2020-10-15T12:40:20.849636Z",
      dateReserved: "2019-01-03T00:00:00",
      dateUpdated: "2024-09-16T19:25:59.758Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-22370
Vulnerability from cvelistv5
Published
2022-07-08 17:45
Modified
2024-09-16 16:33
Summary
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221194.
Impacted products
Vendor Product Version
IBM Security Verify Access Version: 10.0.2.0
Version: 10.0.0.0
Version: 10.0.1.0
Version: 10.0.3.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T03:14:54.990Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6601725",
               },
               {
                  name: "ibm-sva-cve202222370-xss (221194)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221194",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.0.2.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.0.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.1.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.3.0",
                  },
               ],
            },
         ],
         datePublic: "2022-07-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221194.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitCodeMaturity: "HIGH",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "CHANGED",
                  temporalScore: 5.2,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/A:N/PR:L/AC:L/C:L/S:C/UI:R/I:L/AV:N/RL:O/RC:C/E:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cross-Site Scripting",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-08T17:45:19",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6601725",
            },
            {
               name: "ibm-sva-cve202222370-xss (221194)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221194",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2022-07-06T00:00:00",
               ID: "CVE-2022-22370",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Security Verify Access",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "10.0.2.0",
                                       },
                                       {
                                          version_value: "10.0.0.0",
                                       },
                                       {
                                          version_value: "10.0.1.0",
                                       },
                                       {
                                          version_value: "10.0.3.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221194.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "L",
                     AV: "N",
                     C: "L",
                     I: "L",
                     PR: "L",
                     S: "C",
                     UI: "R",
                  },
                  TM: {
                     E: "H",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Cross-Site Scripting",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6601725",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6601725 (Security Verify Access)",
                     url: "https://www.ibm.com/support/pages/node/6601725",
                  },
                  {
                     name: "ibm-sva-cve202222370-xss (221194)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221194",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2022-22370",
      datePublished: "2022-07-08T17:45:19.536069Z",
      dateReserved: "2022-01-03T00:00:00",
      dateUpdated: "2024-09-16T16:33:20.269Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-49804
Vulnerability from cvelistv5
Published
2024-11-29 16:55
Modified
2024-11-29 17:09
Summary
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks.
Impacted products
Vendor Product Version
IBM Security Verify Access Version: 10.0.0 through 10.0.8 (inclusive)
    cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-49804",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-29T17:02:23.334682Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-29T17:09:49.542Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               cpes: [
                  "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*",
               ],
               defaultStatus: "unaffected",
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     lessThanOrEqual: "10.0.8",
                     status: "affected",
                     version: "10.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Security Verify Access Appliance 10.0.0 through 10.0.8 \n\n<span style=\"background-color: rgb(255, 255, 255);\">could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks. </span>\n\n</span>",
                  },
               ],
               value: "IBM Security Verify Access Appliance 10.0.0 through 10.0.8 \n\ncould allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-250",
                     description: "CWE-250 Execution with Unnecessary Privileges",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-11-29T16:55:32.323Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               url: "https://www.ibm.com/support/pages/node/7177447",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Security Verify Access Appliance privilege escalation",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2024-49804",
      datePublished: "2024-11-29T16:55:32.323Z",
      dateReserved: "2024-10-20T13:40:24.084Z",
      dateUpdated: "2024-11-29T17:09:49.542Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-25927
Vulnerability from cvelistv5
Published
2023-05-12 17:38
Modified
2025-01-23 20:35
Summary
IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635.
Impacted products
Vendor Product Version
IBM Security Verify Access Version: 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T11:39:05.326Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://https://www.ibm.com/support/pages/node/6989653",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/247635",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-25927",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-23T20:34:37.200739Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-23T20:35:20.324Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system.  IBM X-Force ID:  247635.",
                  },
               ],
               value: "IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system.  IBM X-Force ID:  247635.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-12T17:38:51.966Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://https://www.ibm.com/support/pages/node/6989653",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/247635",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Security Verify Access denial of service",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-25927",
      datePublished: "2023-05-12T17:38:51.966Z",
      dateReserved: "2023-02-16T16:39:45.212Z",
      dateUpdated: "2025-01-23T20:35:20.324Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-38957
Vulnerability from cvelistv5
Published
2022-01-07 17:55
Modified
2024-09-17 04:19
Summary
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040.
Impacted products
Vendor Product Version
IBM Security Verify Access Version: 10.0.0
Version: 10.0.2.0
Version: 10.0.1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T01:51:20.853Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6538418",
               },
               {
                  name: "ibm-sv-cve202138957-info-disc (212040)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/212040",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.0.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.2.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.1.0",
                  },
               ],
            },
         ],
         datePublic: "2022-01-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.1,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 2.7,
                  temporalSeverity: "LOW",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/S:U/PR:N/UI:R/AV:N/I:N/C:L/AC:H/A:N/E:U/RL:O/RC:C",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Obtain Information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-01-07T17:55:25",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6538418",
            },
            {
               name: "ibm-sv-cve202138957-info-disc (212040)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/212040",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2022-01-06T00:00:00",
               ID: "CVE-2021-38957",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Security Verify Access",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "10.0.0",
                                       },
                                       {
                                          version_value: "10.0.2.0",
                                       },
                                       {
                                          version_value: "10.0.1.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "H",
                     AV: "N",
                     C: "L",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "R",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Obtain Information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6538418",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6538418 (Security Verify Access)",
                     url: "https://www.ibm.com/support/pages/node/6538418",
                  },
                  {
                     name: "ibm-sv-cve202138957-info-disc (212040)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/212040",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2021-38957",
      datePublished: "2022-01-07T17:55:26.027623Z",
      dateReserved: "2021-08-16T00:00:00",
      dateUpdated: "2024-09-17T04:19:09.483Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-49803
Vulnerability from cvelistv5
Published
2024-11-29 16:50
Modified
2024-11-29 17:09
Severity ?
Summary
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
Impacted products
Vendor Product Version
IBM Security Verify Access Version: 10.0.0 through 10.0.8 (inclusive)
    cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-49803",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-29T17:02:47.156364Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-29T17:09:49.402Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               cpes: [
                  "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*",
               ],
               defaultStatus: "unaffected",
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     lessThanOrEqual: "10.0.8",
                     status: "affected",
                     version: "10.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.</span>",
                  },
               ],
               value: "IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-78",
                     description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-11-29T16:50:31.964Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               url: "https://www.ibm.com/support/pages/node/7177447",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Security Verify Access Appliance command execution",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2024-49803",
      datePublished: "2024-11-29T16:50:31.964Z",
      dateReserved: "2024-10-20T13:40:24.084Z",
      dateUpdated: "2024-11-29T17:09:49.402Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-4699
Vulnerability from cvelistv5
Published
2020-10-12 13:05
Modified
2024-09-16 20:16
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side-channel attacks, which could aid in further attacks against the system. IBM X-Force ID: 186947.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T08:14:57.822Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6346619",
               },
               {
                  name: "ibm-sam-cve20204699-info-disc (186947)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186947",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Security Access Manager",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "9.0.7",
                  },
               ],
            },
            {
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.0.0",
                  },
               ],
            },
         ],
         datePublic: "2020-10-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 4.6,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AC:H/I:N/C:H/S:U/UI:N/PR:N/A:N/AV:A/E:U/RL:O/RC:C",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Obtain Information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-10-12T13:05:35",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6346619",
            },
            {
               name: "ibm-sam-cve20204699-info-disc (186947)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186947",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2020-10-08T00:00:00",
               ID: "CVE-2020-4699",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Security Access Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "9.0.7",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Security Verify Access",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "10.0.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "H",
                     AV: "A",
                     C: "H",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Obtain Information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6346619",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6346619 (Security Verify Access)",
                     url: "https://www.ibm.com/support/pages/node/6346619",
                  },
                  {
                     name: "ibm-sam-cve20204699-info-disc (186947)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186947",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2020-4699",
      datePublished: "2020-10-12T13:05:35.713281Z",
      dateReserved: "2019-12-30T00:00:00",
      dateUpdated: "2024-09-16T20:16:56.855Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-4499
Vulnerability from cvelistv5
Published
2020-10-15 12:40
Modified
2024-09-17 04:28
Summary
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public OAuth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T08:07:48.964Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6348046",
               },
               {
                  name: "ibm-sam-cve20204499-sec-bypass (182216)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/182216",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.0.0",
                  },
               ],
            },
            {
               product: "Security Access Manager",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "9.0.7",
                  },
               ],
            },
         ],
         datePublic: "2020-10-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 6.4,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/I:L/UI:N/AC:L/PR:N/AV:N/C:L/S:U/A:L/RC:C/E:U/RL:O",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Bypass Security",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-10-15T12:40:21",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6348046",
            },
            {
               name: "ibm-sam-cve20204499-sec-bypass (182216)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/182216",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2020-10-14T00:00:00",
               ID: "CVE-2020-4499",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Security Verify Access",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "10.0.0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Security Access Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "9.0.7",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "L",
                     AC: "L",
                     AV: "N",
                     C: "L",
                     I: "L",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Bypass Security",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6348046",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6348046 (Security Access Manager)",
                     url: "https://www.ibm.com/support/pages/node/6348046",
                  },
                  {
                     name: "ibm-sam-cve20204499-sec-bypass (182216)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/182216",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2020-4499",
      datePublished: "2020-10-15T12:40:21.263570Z",
      dateReserved: "2019-12-30T00:00:00",
      dateUpdated: "2024-09-17T04:28:43.932Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-30430
Vulnerability from cvelistv5
Published
2024-06-27 15:53
Modified
2024-08-24 10:44
Summary
IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183.
Impacted products
Vendor Product Version
IBM Security Verify Access Version: 10.0.0.0 through 10.0.7.1
    cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:security_verify_access:10.0.7.1:*:*:*:*:*:*:*


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-30430",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-06-27T18:52:34.173468Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-27T18:52:43.238Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T14:21:44.771Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7158789",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/252183",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               cpes: [
                  "cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:ibm:security_verify_access:10.0.7.1:*:*:*:*:*:*:*",
               ],
               defaultStatus: "unaffected",
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     lessThanOrEqual: "10.0.7.1",
                     status: "affected",
                     version: "10.0.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs.  IBM X-Force ID:  252183.",
                  },
               ],
               value: "IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs.  IBM X-Force ID:  252183.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-532",
                     description: "CWE-532 Insertion of Sensitive Information into Log File",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-08-24T10:44:17.483Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7158789",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/252183",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Security Verify Access information disclosure",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-30430",
      datePublished: "2024-06-27T15:53:23.648Z",
      dateReserved: "2023-04-08T15:56:20.543Z",
      dateUpdated: "2024-08-24T10:44:17.483Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-20585
Vulnerability from cvelistv5
Published
2021-05-31 14:50
Modified
2024-09-17 00:15
Summary
IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:45:44.369Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6457315",
               },
               {
                  name: "ibm-ag-cve202120585-info-disc (199398)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199398",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "20.07",
                  },
               ],
            },
         ],
         datePublic: "2021-05-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 4.6,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/S:U/C:L/PR:N/AV:N/AC:L/I:N/A:N/UI:N/E:U/RC:C/RL:O",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Obtain Information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-05-31T14:50:18",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6457315",
            },
            {
               name: "ibm-ag-cve202120585-info-disc (199398)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199398",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2021-05-28T00:00:00",
               ID: "CVE-2021-20585",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Security Verify Access",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "20.07",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "L",
                     AV: "N",
                     C: "L",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Obtain Information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6457315",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6457315 (Security Verify Access)",
                     url: "https://www.ibm.com/support/pages/node/6457315",
                  },
                  {
                     name: "ibm-ag-cve202120585-info-disc (199398)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199398",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2021-20585",
      datePublished: "2021-05-31T14:50:18.138778Z",
      dateReserved: "2020-12-17T00:00:00",
      dateUpdated: "2024-09-17T00:15:52.591Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-35133
Vulnerability from cvelistv5
Published
2024-08-29 16:39
Modified
2024-09-21 09:58
Summary
IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
Impacted products
Vendor Product Version
IBM Security Verify Access Version: 10.0.0 through 10.0.8
    cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:security_verify_access_docker:10.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:security_verify_access_docker:10.0.8:*:*:*:*:*:*:*
   IBM Security Verify Access Docker Version: 10.0.0 through 10.0.8


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-35133",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-29T17:02:51.567380Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-08-29T17:03:12.007Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               cpes: [
                  "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*",
                  "cpe:2.3:a:ibm:security_verify_access_docker:10.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:ibm:security_verify_access_docker:10.0.8:*:*:*:*:*:*:*",
               ],
               defaultStatus: "unaffected",
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     lessThanOrEqual: "10.0.8",
                     status: "affected",
                     version: "10.0.0",
                     versionType: "semver",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "Security Verify Access Docker",
               vendor: "IBM",
               versions: [
                  {
                     lessThanOrEqual: "10.0.8",
                     status: "affected",
                     version: "10.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.",
                  },
               ],
               value: "IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-601",
                     description: "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-09-21T09:58:17.795Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7166712",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/291026",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Security Verify Access HTTP open redirect",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2024-35133",
      datePublished: "2024-08-29T16:39:43.913Z",
      dateReserved: "2024-05-09T16:27:27.133Z",
      dateUpdated: "2024-09-21T09:58:17.795Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-22464
Vulnerability from cvelistv5
Published
2022-07-08 17:45
Modified
2024-09-16 18:08
Summary
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081.
Impacted products
Vendor Product Version
IBM Security Verify Access Version: 10.0.2.0
Version: 10.0.0.0
Version: 10.0.1.0
Version: 10.0.3.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T03:14:55.207Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6601729",
               },
               {
                  name: "ibm-sam-cve202222464-info-disc (225081)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225081",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.0.2.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.0.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.1.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.3.0",
                  },
               ],
            },
         ],
         datePublic: "2022-07-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 5.2,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/I:N/UI:N/S:U/AV:N/AC:H/A:N/PR:N/C:H/RL:O/RC:C/E:U",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Obtain Information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-08T17:45:22",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6601729",
            },
            {
               name: "ibm-sam-cve202222464-info-disc (225081)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225081",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2022-07-06T00:00:00",
               ID: "CVE-2022-22464",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Security Verify Access",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "10.0.2.0",
                                       },
                                       {
                                          version_value: "10.0.0.0",
                                       },
                                       {
                                          version_value: "10.0.1.0",
                                       },
                                       {
                                          version_value: "10.0.3.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "H",
                     AV: "N",
                     C: "H",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Obtain Information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6601729",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6601729 (Security Verify Access)",
                     url: "https://www.ibm.com/support/pages/node/6601729",
                  },
                  {
                     name: "ibm-sam-cve202222464-info-disc (225081)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225081",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2022-22464",
      datePublished: "2022-07-08T17:45:22.650659Z",
      dateReserved: "2022-01-03T00:00:00",
      dateUpdated: "2024-09-16T18:08:16.372Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-38921
Vulnerability from cvelistv5
Published
2022-01-07 17:55
Modified
2024-09-16 22:41
Summary
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067.
Impacted products
Vendor Product Version
IBM Security Verify Access Version: 10.0.0
Version: 10.0.2.0
Version: 10.0.1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T01:51:20.832Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6538418",
               },
               {
                  name: "ibm-sam-cve202138921-info-disc (210067)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/210067",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.0.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.2.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.1.0",
                  },
               ],
            },
         ],
         datePublic: "2022-01-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 5.2,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AC:H/I:N/C:H/A:N/S:U/PR:N/UI:N/AV:N/E:U/RC:C/RL:O",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Obtain Information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-01-07T17:55:23",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6538418",
            },
            {
               name: "ibm-sam-cve202138921-info-disc (210067)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/210067",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2022-01-06T00:00:00",
               ID: "CVE-2021-38921",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Security Verify Access",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "10.0.0",
                                       },
                                       {
                                          version_value: "10.0.2.0",
                                       },
                                       {
                                          version_value: "10.0.1.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "H",
                     AV: "N",
                     C: "H",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Obtain Information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6538418",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6538418 (Security Verify Access)",
                     url: "https://www.ibm.com/support/pages/node/6538418",
                  },
                  {
                     name: "ibm-sam-cve202138921-info-disc (210067)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/210067",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2021-38921",
      datePublished: "2022-01-07T17:55:23.252972Z",
      dateReserved: "2021-08-16T00:00:00",
      dateUpdated: "2024-09-16T22:41:31.453Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-49806
Vulnerability from cvelistv5
Published
2024-11-29 16:53
Modified
2024-11-29 17:09
Severity: CRITICAL (CVSS 3.1 base score 9.4)
Summary
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Impacted products
Vendor Product Version
IBM Security Verify Access Version: 10.0.0 through 10.0.8
    cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-49806",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-29T17:02:32.019925Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-29T17:09:49.806Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               cpes: [
                  "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*",
               ],
               defaultStatus: "unaffected",
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     lessThanOrEqual: "10.0.8",
                     status: "affected",
                     version: "10.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Security Verify Access Appliance 10.0.0 through 10.0.8 \n\n<span style=\"background-color: rgb(255, 255, 255);\">contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.</span>\n\n</span>",
                  },
               ],
               value: "IBM Security Verify Access Appliance 10.0.0 through 10.0.8 \n\ncontains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 9.4,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-798",
                     description: "CWE-798 Use of Hard-coded Credentials",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-11-29T16:53:45.208Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               url: "https://www.ibm.com/support/pages/node/7177447",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Security Verify Access Appliance hard coded credentials",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2024-49806",
      datePublished: "2024-11-29T16:53:45.208Z",
      dateReserved: "2024-10-20T13:40:24.084Z",
      dateUpdated: "2024-11-29T17:09:49.806Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2025-0161
Vulnerability from cvelistv5
Published
2025-02-20 16:02
Modified
2025-02-23 04:32
Summary
IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation.
References
Impacted products
Vendor Product Version
IBM Security Verify Access Version: 10.0.0.0 through 10.0.0.9
Version: 11.0.0.0


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2025-0161",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-20T16:22:54.565528Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-20T16:23:08.335Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     lessThanOrEqual: "10.0.0.9",
                     status: "affected",
                     version: "10.0.0.0",
                     versionType: "semver",
                  },
                  {
                     status: "affected",
                     version: "11.0.0.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation.</span>",
                  },
               ],
               value: "IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-94",
                     description: "CWE-94 Improper Control of Generation of Code ('Code Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-23T04:32:21.422Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7183788",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Security Verify Access Appliance code injection",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2025-0161",
      datePublished: "2025-02-20T16:02:37.156Z",
      dateReserved: "2024-12-31T19:09:12.900Z",
      dateUpdated: "2025-02-23T04:32:21.422Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-38895
Vulnerability from cvelistv5
Published
2022-01-07 17:55
Modified
2024-09-16 23:55
Summary
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563.
Impacted products
Vendor Product Version
IBM Security Verify Access Version: 10.0.0
Version: 10.0.2.0
Version: 10.0.1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T01:51:20.738Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6538418",
               },
               {
                  name: "ibm-sv-cve202138895-xss (209563)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209563",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.0.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.2.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.1.0",
                  },
               ],
            },
         ],
         datePublic: "2022-01-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  exploitCodeMaturity: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "CHANGED",
                  temporalScore: 2.9,
                  temporalSeverity: "LOW",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/A:N/C:L/I:N/AC:H/PR:L/UI:R/AV:N/S:C/RL:O/RC:C/E:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cross-Site Scripting",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-01-07T17:55:21",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6538418",
            },
            {
               name: "ibm-sv-cve202138895-xss (209563)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209563",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2022-01-06T00:00:00",
               ID: "CVE-2021-38895",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Security Verify Access",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "10.0.0",
                                       },
                                       {
                                          version_value: "10.0.2.0",
                                       },
                                       {
                                          version_value: "10.0.1.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "H",
                     AV: "N",
                     C: "L",
                     I: "N",
                     PR: "L",
                     S: "C",
                     UI: "R",
                  },
                  TM: {
                     E: "H",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Cross-Site Scripting",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6538418",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6538418 (Security Verify Access)",
                     url: "https://www.ibm.com/support/pages/node/6538418",
                  },
                  {
                     name: "ibm-sv-cve202138895-xss (209563)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209563",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2021-38895",
      datePublished: "2022-01-07T17:55:21.811204Z",
      dateReserved: "2021-08-16T00:00:00",
      dateUpdated: "2024-09-16T23:55:44.245Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-38894
Vulnerability from cvelistv5
Published
2022-01-07 17:55
Modified
2024-09-16 16:18
Summary
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515.
Impacted products
Vendor Product Version
IBM Security Verify Access Version: 10.0.0
Version: 10.0.2.0
Version: 10.0.1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T01:51:20.734Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6538418",
               },
               {
                  name: "ibm-sv-cve202138894-info-disc (209515)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209515",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Security Verify Access",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.0.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.2.0",
                  },
                  {
                     status: "affected",
                     version: "10.0.1.0",
                  },
               ],
            },
         ],
         datePublic: "2022-01-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 2.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 2.4,
                  temporalSeverity: "LOW",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/S:U/UI:N/AV:N/PR:H/AC:L/I:N/C:L/A:N/RL:O/RC:C/E:U",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Obtain Information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-01-07T17:55:20",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6538418",
            },
            {
               name: "ibm-sv-cve202138894-info-disc (209515)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209515",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2022-01-06T00:00:00",
               ID: "CVE-2021-38894",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Security Verify Access",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "10.0.0",
                                       },
                                       {
                                          version_value: "10.0.2.0",
                                       },
                                       {
                                          version_value: "10.0.1.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "L",
                     AV: "N",
                     C: "L",
                     I: "N",
                     PR: "H",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Obtain Information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6538418",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6538418 (Security Verify Access)",
                     url: "https://www.ibm.com/support/pages/node/6538418",
                  },
                  {
                     name: "ibm-sv-cve202138894-info-disc (209515)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209515",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2021-38894",
      datePublished: "2022-01-07T17:55:20.249096Z",
      dateReserved: "2021-08-16T00:00:00",
      dateUpdated: "2024-09-16T16:18:02.871Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}