CVE-2022-35646

2022-12-2220:15:34

CWE-287

[email protected]

web.nvd.nist.gov

ibm

security verify

governance

identity manager

vulnerability

authenticated user

access request

man-in-the-middle

ibm x-force id

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

20.0%

JSON

IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user’s access request using man-in-the-middle techniques. IBM X-Force ID: 231096.

Affected configurations

Nvd

Node

ibmsecurity_verify_governanceMatch10.0.1

AND

ibmaixMatch-

linuxlinux_kernelMatch-

microsoftwindowsMatch-

oraclesolarisMatch--

VendorProductVersionCPE
ibmsecurity_verify_governance10.0.1cpe:2.3:a:ibm:security_verify_governance:10.0.1:*:*:*:*:*:*:*
ibmaix-cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
oraclesolaris-cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*

Vendor	Product	Version	CPE
ibm	security_verify_governance	10.0.1	cpe:2.3:a:ibm:security_verify_governance:10.0.1:::::::*
ibm	aix	-	cpe:2.3:o:ibm:aix:-:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
oracle	solaris	-	cpe:2.3:o:oracle:solaris:-::::::-: