Lucene search

IbmCVELIST:CVE-2022-22466

HistoryOct 23, 2023 - 7:42 p.m.

CVE-2022-22466 IBM Security Verify Governance information disclosure

2023-10-2319:42:53

CWE-798

ibm

www.cve.org

ibm

security verify governance

hard-coded credentials

authentication

encryption

information disclosure

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

23.8%

JSON

IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Security Verify Governance",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.0"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/225222

www.ibm.com/support/pages/node/7057377

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

23.8%

JSON

Related for CVELIST:CVE-2022-22466