CVE-2022-35646

CWE-287 — Improper Authentication3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.1%

top 70.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Verify Governance

Timeline

PublishedDec 22

Description

IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IBM X-Force ID: 231096.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:NExploitability: 1.6 | Impact: 4.2

Affected Packages1 packages

▶NVDibm/security_verify_governance10.0.1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

CVEList

IBM Security Verify Governance, Identity Manager security bypass↗2022-12-22

▶

GHSA

GHSA-294j-79hr-f57f: IBM Security Verify Governance, Identity Manager 10↗2022-12-22

▶