Ibm: >> Security Verify Access >> 10.0.2.0 Security Vulnerabilities
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563.
CVSS Score
3.0
EPSS Score
0.003
Published
2022-01-10
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067.
CVSS Score
5.9
EPSS Score
0.001
Published
2022-01-10
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038
CVSS Score
5.3
EPSS Score
0.001
Published
2022-01-10
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040.
CVSS Score
3.1
EPSS Score
0.002
Published
2022-01-10
Page 4