High Severity

Security Bulletin: Multiple security vulnerabilities found in open source code that is shipped with IBM Security Verify Access

Share this post:

Source code scanning has found several open source vulnerabilites in the IBM Security Verify Access product. Verify Access has updated the packages as required.

CVE(s): CVE-2018-20574, CVE-2019-6285, CVE-2018-20573, CVE-2017-11692, CVE-2010-4021, CVE-2010-1324, CVE-2010-4020, CVE-2010-1323, CVE-2018-5730, CVE-2018-20217, CVE-2020-28196, IBM X-Force ID:   217968

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Security Verify Access 10.0.0
IBM Security Verify Access Docker 10.0.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6601733
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/154878
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155595
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/154877
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/129747
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/63593
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/63589
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/63592
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/63590
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139970
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/154827
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/191321

More stories

Security Bulletin: IBM Netezza for Cloud Pak for Data is vulnerable to CVE-2022-0811

August 9, 2022 | High Severity

IBM Netezza for Cloud Pak for Data is vulnerable to arbitrary code execution as root on the cluster node due to CVE-2022-0811 although severity is low. Vulnerability is addressed by upgrading OCP version to 4.8.42. ...read more


Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an unspecified vulnerability due to Google Gson (CVE-2022-25647)

August 9, 2022 | High Severity

There is a vulnerability in Google Gson used by Integrated File Agent in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE (CVE-2022-25647). ...read more


Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to CVE-2022-24434

August 9, 2022 | High Severity

Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to CVE-2022-24434 ...read more