IBM2597C21196D82896BF4396453C8B264843F2C3D6D77C12F914A62F89E056ED01Security Bulletin: IBM Security Verify Information Queue web-app container is vulnerable to denial of service attack (CVE-2022-35283)
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
32.8%
Summary
The web-app container in IBM Security Verify Information Queue (ISIQ) v10.0.2 can be shut down with a malformed HTTP request. ISIQ v10.0.3 has implemented stricter URL validation to prevent this type of denial of service attack. (CVE-2022-35283)
Vulnerability Details
CVEID:CVE-2022-35283
**DESCRIPTION:**IBM Security Verify Information Queue could allow an authenticated user to cause a denial of service with a specially crafted HTTP request.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230810 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Security Verify Information Queue | 10.0.2 |
Remediation/Fixes
IBM encourages customers to update their systems promptly.
Download and install the latest ISIQ images, tagged at 10.0.3 or greater, from the ISIQ Starter Kit page at <https://www.ibm.com/support/pages/ibm-security-information-queue-starter-kit>
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm security verify information queue | eq | 10.0.2 |
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
32.8%