Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM242F408ECC48D7E08148993966C8E99FFEB05B49E1751075A1C17701D8BCF5DC
HistoryJul 22, 2022 - 11:34 p.m.

Security Bulletin: IBM Security Verify Information Queue distributes configuration files with hard-coded credentials (CVE-2022-35287)

2022-07-2223:34:10
www.ibm.com
22

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

33.3%

JSON

Summary

IBM Security Verify Information Queue (ISIQ) v10.0.2 includes YAML files and property files with hard-coded credentials. ISIQ v10.0.3 has removed these files from the installation package since they are not required for product operation. (CVE-2022-35287)

Vulnerability Details

CVEID:CVE-2022-35287
**DESCRIPTION:**IBM Security Verify Information Queue contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230817 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security Verify Information Queue 10.0.2

Remediation/Fixes

IBM encourages customers to update their systems promptly.

Download and install the latest ISIQ images, tagged at 10.0.3 or greater, from the ISIQ Starter Kit page at <https://www.ibm.com/support/pages/ibm-security-information-queue-starter-kit&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmsecurity_verify_information_queueMatch10.0.2

Related

nvd 1
cnvd 1
cvelist 1
prion 1
cve 1
nvd
nvd
CVE-2022-35287
2022-07-25 18:23:13
cnvd
cnvd
IBM Security Verify Information Queue Trust Management Issue Vulnerability
2022-07-27 00:00:00
cvelist
cvelist
CVE-2022-35287
2022-07-22 00:00:00
prion
prion
Hardcoded credentials
2022-07-25 18:23:00
cve
cve
CVE-2022-35287
2022-07-25 18:23:13

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

33.3%

JSON
Related for 242F408ECC48D7E08148993966C8E99FFEB05B49E1751075A1C17701D8BCF5DC
nvd1cnvd1cvelist1prion1cve1