Every CVE whose affected-product data names Ibm Verify Gateway, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2020-4385 — CVSS 9.8 (critical): IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its…
CVE-2020-4372 — CVSS 7.8 (high): IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID…
CVE-2020-4400 — CVSS 7.5 (high): IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force…
CVE-2020-4399 — CVSS 6.5 (medium): IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against…
CVE-2020-4397 — CVSS 5.9 (medium): IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in…
CVE-2020-4369 — CVSS 5.5 (medium): IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID…
CVE-2020-4405 — CVSS 4.3 (medium): IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable…
CVE-2020-4371 — CVSS 3.3 (low): IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in…