Lucene search

China National Vulnerability DatabaseCNVD-2022-87651

HistoryJul 11, 2022 - 12:00 a.m.

IBM Security Verify Access Cross-Site Scripting Vulnerability (CNVD-2022-87651)

2022-07-1100:00:00

China National Vulnerability Database

www.cnvd.org.cn

ibm security verify access

cross-site scripting

vulnerability

user access security

risk-based access

single sign-on

access management controls

identity federation

mobile multi-factor authentication

remote user

specially crafted links

arbitrary html

scripting code

vulnerable websites

remote attacker

xss attacks

ibm usa

0.001 Low

EPSS

Percentile

19.6%

JSON

IBM Security Verify Access (ISAM) is a service from IBM USA that improves user access security. The service enables secure and simple access to platforms such as Web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated access management controls, identity federation and mobile multi-factor authentication IBM Security Verify Access has a cross-site scripting vulnerability that exists from inadequate cleaning of user-provided data. A remote user can trick victims into following specially crafted links and executing arbitrary HTML and scripting code on vulnerable websites in the user’s browser. A remote attacker could use this vulnerability to execute cross-site scripting (XSS) attacks.

CPENameOperatorVersion
ibm ibm security verify access 1.0eq0.0.0
ibm ibm security verify access 10.eq0.1.0
ibm ibm security verify access 10.eq0.2.0
ibm ibm security verify access 10.eq0.3.0

Name	Operator	Version
ibm ibm security verify access 1.0	eq	0.0.0
ibm ibm security verify access 10.	eq	0.1.0
ibm ibm security verify access 10.	eq	0.2.0
ibm ibm security verify access 10.	eq	0.3.0

0.001 Low

EPSS

Percentile

19.6%

JSON

Related for CNVD-2022-87651