CVE-2022-35646

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-35646
IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IBM X-Force ID: 231096.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/231096 VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6850809 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:ibm:security_verify_governance:10.0.1:*:*:*:*:*:*:*
OR cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*
History

07 Nov 2023, 03:49

Type Values Removed Values Added
Summary IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IBM X-Force ID: 231096. IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IBM X-Force ID: 231096.

31 Dec 2022, 03:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3
CPE cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_governance:10.0.1:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
First Time Oracle solaris
Ibm
Ibm aix
Linux
Linux linux Kernel
Microsoft windows
Microsoft
Oracle
Ibm security Verify Governance
CWE CWE-287
References (MISC) https://www.ibm.com/support/pages/node/6850809 - (MISC) https://www.ibm.com/support/pages/node/6850809 - Patch, Vendor Advisory
References (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/231096 - (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/231096 - VDB Entry, Vendor Advisory

22 Dec 2022, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-12-22 20:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-35646

Mitre link : CVE-2022-35646

CVE.ORG link : CVE-2022-35646

JSON object : View

Products Affected

oracle

  • solaris

ibm

  • security_verify_governance
  • aix

microsoft

  • windows

linux

  • linux_kernel
CWE
CWE-287

Improper Authentication