Skip to main content

Verify Gateway

8 CVEs product

Monthly

CVE-2020-4405 MEDIUM PATCH This Month

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Verify Gateway
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-4400 HIGH PATCH This Week

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Verify Gateway
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-4399 MEDIUM PATCH This Month

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Verify Gateway
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-4397 MEDIUM PATCH This Month

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Verify Gateway
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2020-4385 CRITICAL PATCH Act Now

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Verify Gateway
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-4372 HIGH PATCH This Week

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Verify Gateway
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-4371 LOW PATCH Monitor

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Verify Gateway
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2020-4369 MEDIUM PATCH This Month

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Verify Gateway
NVD
CVSS 3.1
5.5
EPSS
0.2%
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Verify Gateway
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Verify Gateway
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Verify Gateway
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Verify Gateway
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Verify Gateway
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Verify Gateway
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Verify Gateway
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Verify Gateway
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy