|
196381
|
6.5 |
MEDIUM
Network
|
ibm
|
security_verify_access
|
IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2021-20537
|
2024-11-21 14:46 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196382
|
7.2 |
HIGH
Network
|
ibm
|
security_verify_access
|
IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813
|
NVD-CWE-noinfo
|
CVE-2021-20533
|
2024-11-21 14:46 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196383
|
4.8 |
MEDIUM
Network
|
ibm
|
security_verify_access
|
IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionali…
|
CWE-79
Cross-site Scripting
|
CVE-2021-20524
|
2024-11-21 14:46 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196384
|
2.7 |
LOW
Network
|
ibm
|
security_verify_access
|
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be us…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2021-20523
|
2024-11-21 14:46 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196385
|
4.9 |
MEDIUM
Network
|
ibm
|
security_verify_access
|
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/.…
|
CWE-22
Path Traversal
|
CVE-2021-20511
|
2024-11-21 14:46 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196386
|
4.4 |
MEDIUM
Local
|
ibm
|
security_verify_access
|
IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2021-20510
|
2024-11-21 14:46 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196387
|
4.4 |
MEDIUM
Local
|
ibm
|
security_verify_access
|
IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980.
|
NVD-CWE-noinfo
|
CVE-2021-20500
|
2024-11-21 14:46 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196388
|
2.7 |
LOW
Network
|
ibm
|
security_verify_access
|
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be us…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2021-20499
|
2024-11-21 14:46 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196389
|
5.3 |
MEDIUM
Network
|
ibm
|
security_verify_access
|
IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972.
|
CWE-200
Information Exposure
|
CVE-2021-20498
|
2024-11-21 14:46 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196390
|
7.5 |
HIGH
Network
|
ibm
|
security_verify_access
|
IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2021-20497
|
2024-11-21 14:46 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
