Oct 14, 2023 - 5:16 a.m.

Security Bulletin: IBM Security Verify Access OpenID Connect Provider container has fixed multiple vulnerabilities (CVE-2022-43868, CVE-2022-43739, CVE-2022-43740)

2023-10-14 05:16:14
www.ibm.com

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001
Percentile: 30.2%

Summary

Multiple security vulnerabilities have been addressed in the IBM Security Verify Access OpenID Connect (OIDC) Provider container.

Vulnerability Details

**CVEID:** CVE-2022-43868
**DESCRIPTION:** IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239445 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:** CVE-2022-43739
**DESCRIPTION:** IBM Security Verify Access OIDC could disclose information to a local user from log files that could be used in further attacks against the system.
CVSS Base score: 4.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238920 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)

**CVEID:** CVE-2022-43740
**DESCRIPTION:** IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238921 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Security Verify Access OIDC Provider | All |

Remediation/Fixes

IBM encourages all customers to update their systems promptly.

IBM Security Verify Access OpenID Connect Provider (Docker Container)

Where [tag] is the latest published version and can be confirmed here.

Workarounds and Mitigations

None

Affected configurations

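Vulners

| Node | Match | Version |
| --- | --- | --- |
| ibm security_verify_access | Match | 22.0.9 |

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | security_verify_access | 22.0.9 | cpe:2.3:a:ibm:security_verify_access:22.0.9:*:*:*:*:*:*:* |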
