Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-4400 | 1 Ibm | 1 Verify Gateway | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478. | |||||
CVE-2020-4405 | 1 Ibm | 1 Verify Gateway | 2020-07-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484. | |||||
CVE-2020-4399 | 1 Ibm | 1 Verify Gateway | 2020-07-24 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. IBM X-Force ID: 179476. | |||||
CVE-2020-4397 | 1 Ibm | 1 Verify Gateway | 2020-07-24 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428. | |||||
CVE-2020-4385 | 1 Ibm | 1 Verify Gateway | 2020-07-24 | 7.5 HIGH | 9.8 CRITICAL |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 179266. | |||||
CVE-2020-4372 | 1 Ibm | 1 Verify Gateway | 2020-07-24 | 2.1 LOW | 7.8 HIGH |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009 | |||||
CVE-2020-4369 | 1 Ibm | 1 Verify Gateway | 2020-07-24 | 2.1 LOW | 5.5 MEDIUM |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004. | |||||
CVE-2020-4371 | 1 Ibm | 1 Verify Gateway | 2020-07-24 | 2.1 LOW | 3.3 LOW |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008. |