|
200401
|
7.5 |
HIGH
Network
|
ibm
|
security_verify_information_queue
|
IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communicatio…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2021-20412
|
2024-11-21 14:46 |
2021-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200402
|
8.1 |
HIGH
Adjacent
|
ibm
|
security_verify_information_queue
|
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. IBM X-Force ID: 198191.
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2021-20411
|
2024-11-21 14:46 |
2021-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200403
|
5.3 |
MEDIUM
Network
|
ibm
|
security_verify_information_queue
|
IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2021-20410
|
2024-11-21 14:46 |
2021-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200404
|
7.5 |
HIGH
Network
|
ibm
|
security_verify_information_queue
|
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attack…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2021-20409
|
2024-11-21 14:46 |
2021-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200405
|
5.5 |
MEDIUM
Local
|
ibm
|
security_verify_information_queue
|
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2021-20408
|
2024-11-21 14:46 |
2021-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200406
|
7.5 |
HIGH
Network
|
ibm
|
security_verify_information_queue
|
IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 196185.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2021-20407
|
2024-11-21 14:46 |
2021-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200407
|
4.9 |
MEDIUM
Network
|
ibm
|
security_verify_information_queue
|
IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196184.
|
-
|
CVE-2021-20406
|
2024-11-21 14:46 |
2021-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200408
|
9.1 |
CRITICAL
Network
|
elecom
|
file_manager
|
Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the a…
|
CWE-22
Path Traversal
|
CVE-2021-20651
|
2024-11-21 14:46 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200409
|
6.5 |
MEDIUM
Network
|
elecom
|
ncc-ewf100rmwh2_firmware
|
Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vecto…
|
CWE-352
Origin Validation Error
|
CVE-2021-20650
|
2024-11-21 14:46 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200410
|
4.8 |
MEDIUM
Network
|
elecom
|
wrc-300febk-s_firmware
|
ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command …
|
CWE-295
Improper Certificate Validation
|
CVE-2021-20649
|
2024-11-21 14:46 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
