Oddbean

Researcher Discloses 36 Vulnerabilities Found in IBM Security Verify Access Security researcher Pierre Barre has drawn attention to three dozen vulnerabilities in IBM Security Verify Access (ISVA), including ones that could have allowed attackers to compromise the entire authentication infrastructure based on the authorization and network security policy management solution. An attacker looking to exploit these issues would need to mount a man-in-the-middle (MiTM) attack or gain access to the internal network of an organization using IBM’s ISVA appliances and Docker images. At least half of the security defects, including seven remote code execution flaws, one authentication bypass, eight privilege escalation bugs, and some other issues, could be exploited for full compromise. See more: https://www.securityweek.com/researcher-discloses-32-vulnerabilities-found-in-ibm-security-verify-access/ #cybersecurity #ibm