May 30, 2024 - 5:34 p.m.

Security Bulletin: A Security Vulnerability was discovered in the IBM Security Verify Access OpenID Connect Provider (CVE-2024-22338)

2024-05-30 17:34:39
www.ibm.com

CVSS3 score: 4

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score: 6
Confidence: High

EPSS: 0
Percentile: 9.0%

Summary

The IBM Security Verify Access OpenID Connect Provider could disclose sensitive information to a local user. This has been addressed in the OIDC Provider 23.12.

Vulnerability Details

CVEID: CVE-2024-22338
**DESCRIPTION:** IBM Security Verify Access OIDC Provider could disclose sensitive information to a local user due to hazardous input validation.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279978 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
IBM Security Verify Access OIDC Provider | 22.09 - 23.03

Remediation/Fixes

**IBM encourages customers to update their systems promptly.**

IBM Security Verify Access OpenID Connect Provider (Container)

Where [tag] is the latest published version and can be confirmed here.

Workarounds and Mitigations

None

Affected configurations

Vulners node:
ibm security_verify_access Match 22.09
OR
ibm security_verify_access Match 23.03

Vendor | Product | Version | CPE
ibm | security_verify_access | 22.09 | cpe:2.3:a:ibm:security_verify_access:22.09:*:*:*:*:*:*:*
ibm | security_verify_access | 23.03 | cpe:2.3:a:ibm:security_verify_access:23.03:*:*:*:*:*:*:*
