Mar 30, 2022 - 10:04 p.m.

Security Bulletin: IBM Security Verify Access is vulnerable to obtaining sensitive information due to improper validation of JWT tokens.

www.ibm.com

EPSS: 0.001 (percentile: 41.1%)

Summary

IBM Security Verify Access can be vulnerable to manipulation of JWT tokens, which could lead to obtaining sensitive information or possibly changing some information.

Vulnerability Details

CVEID: CVE-2022-22311
**DESCRIPTION:** IBM Security Verify Access could allow a user, using man-in-the-middle techniques, to obtain sensitive information or possibly change some information due to improper validation of JWT tokens.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217226 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Security Verify Access | 10.0.0, 10.0.1, 10.0.2, 10.0.3 |

Remediation/Fixes

| Affected Product | Affected Version | Fix availability |
| --- | --- | --- |
| IBM Security Verify Access | 10.0.0, 10.0.1, 10.0.2, 10.0.3 | fix pack: 10.0.3-ISS-ISVA-FP0001 |

Workarounds and Mitigations

None
