IBM Security Verify Information Queue Information Disclosure Vulnerability (CNVD-2022-55635)

IBM Security Verify Information Queue is an integration product from IBM of America, Inc. Leverages Kafka technology and a publish/subscribe model to integrate data between IBM Security products. IBM Security Verify Information Queue version 10.0.2 is vulnerable to an information disclosure vulnerability that stems from an error message generated when an incorrectly formatted request to regenerate an external API token is sent to the server that The vulnerability is caused by an error message generated when a request to regenerate an external API token in the wrong format is sent to the server that displays sensitive data, which can be exploited by attackers to obtain sensitive information.