Severity
Medium
Analysis Summary
CVE-2022-35646 CVSS:5.9
IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user’s access request using man-in-the-middle techniques.
CVE-2022-22461 CVSS:5.9
IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2022-22449 CVSS:5.3
IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2022-22458 CVSS:6.3
IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user.
CVE-2022-22456 CVSS:4.2
IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2022-22457 CVSS:5.3
IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user.
Impact
- Security Bypass
- Information Disclosure
- Cross-Site Scripting
Indicators Of Compromise
CVE
- CVE-2022-35646
- CVE-2022-22461
- CVE-2022-22449
- CVE-2022-22458
- CVE-2022-22456
- CVE-2022-22457
Affected Vendors
IBM
Affected Products
- IBM Security Verify Governance 10.0.1
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.