
Rewterz Threat Advisory – Multiple IBM Security Verify Identity Manager Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2022-35283 CVSS:6.5
IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request.

CVE-2022-22460 CVSS:3
IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system.

CVE-2022-22453 CVSS:5.1
IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

CVE-2022-22452 CVSS:5.3
IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

CVE-2022-22450 CVSS:3.8
IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. 

Impact

  • Denial of Service
  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2022-35283
  • CVE-2022-22460
  • CVE-2022-22453
  • CVE-2022-22452
  • CVE-2022-22450

Affected Vendors

IBM

Affected Products

  • IBM Security Verify Information Queue 10.0.2
  • IBM Security Verify Governance 10.0

Remediation

Refer to IBM Security Bulletin for patch, upgrade or suggested workaround information.

IBM Security Verify Information Queue
IBM Security Verify Governance