CVE-2023-25927
MEDIUM
IBM Security Verify Access 10.0.0-10.0.5 - Denial of Service via Crafted HTTP Requests
Title source: llm
Description
IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635.
References (5)
Core References
Vendor Advisory
https://www.ibm.com/support/pages/node/6989653?_ga=2.22490043.1644592052.1684753176-785517468.1677620719
Mailing List
http://seclists.org/fulldisclosure/2024/Nov/0
Mailing List
http://seclists.org/fulldisclosure/2024/Nov/1
Broken Link vendor-advisory
https://https://www.ibm.com/support/pages/node/6989653
VDB Entry, Vendor Advisory vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/247635
Scores
CVSS v3
6.5
EPSS
0.0025
EPSS Percentile
48.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (6)
ibm/security_verify_access
10.0.0
ibm/security_verify_access
10.0.1
ibm/security_verify_access
10.0.2
ibm/security_verify_access
10.0.3
ibm/security_verify_access
10.0.4
ibm/security_verify_access
10.0.5
Published
May 12, 2023
Tracked Since
Feb 18, 2026