CVE-2023-25927 — Improper Input Validation in IBM Security Verify Access

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGHNVD

CNA6.5

EPSS

0.3%

top 51.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Verify Access

Timeline

PublishedMay 12

Description

IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/security_verify_access10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5

▶NVDibm/security_verify_access6 versions+5

🔴Vulnerability Details

GHSA

GHSA-cgqm-2q6p-33gm: IBM Security Verify Access 10↗2023-05-12

▶

CVEList

IBM Security Verify Access denial of service↗2023-05-12

▶