Ibm: >> Verify Gateway >> 1.0.1 Security Vulnerabilities
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484.
CVSS Score
3.1
EPSS Score
0.003
Published
2020-07-27
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004.
CVSS Score
5.1
EPSS Score
0.0
Published
2020-07-22
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008.
CVSS Score
4.0
EPSS Score
0.0
Published
2020-07-22
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009
CVSS Score
6.2
EPSS Score
0.0
Published
2020-07-22
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 179266.
CVSS Score
6.8
EPSS Score
0.001
Published
2020-07-22
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428.
CVSS Score
6.8
EPSS Score
0.001
Published
2020-07-22
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. IBM X-Force ID: 179476.
CVSS Score
6.5
EPSS Score
0.004
Published
2020-07-22
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-07-22