CVE-2022-35646
MEDIUM WAF: Low
CVSS 5.3
Published: 2022-12-22
CWE-287 CWE-287
IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IBM X-Force ID: 231096.
WAF Coverage Analysis
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ibm | security_verify_governance | 10.0.1 |
References
- exchange.xforce.ibmcloud.com (VDB Entry, Vendor Advisory)
- www.ibm.com (Patch, Vendor Advisory)