IBM Security Verify Access can be vulnerable to manipulation of JWT tokens and could lead to obtaining sensitive information or possibly change some information.
CVEID:CVE-2022-22311
**DESCRIPTION:**IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validiation of JWT tokens.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217226 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Security Verify Access | 10.0.0, 10.0.1, 10.0.2, 10.0.3 |
Affected Product | Affected Version | Fix availability |
---|---|---|
IBM Security Verify Access | 10.0.0, 10.0.1, 10.0.2, 10.0.3 | fix pack: 10.0.3-ISS-ISVA-FP0001 |
None