Lucene search

IbmVULNRICHMENT:CVE-2024-22338

HistoryMay 31, 2024 - 10:36 a.m.

CVE-2024-22338 IBM Security Verify Access OIDC Provider information disclosure

2024-05-3110:36:52

CWE-20

ibm

github.com

ibm

verify access

oidc

security

disclosure

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:security_verify_access_oidc_provider:22.09:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:security_verify_access_oidc_provider:23.03:*:*:*:*:*:*:*"
    ],
    "vendor": "IBM",
    "product": "Security Verify Access OIDC Provider",
    "versions": [
      {
        "status": "affected",
        "version": "22.09",
        "versionType": "semver",
        "lessThanOrEqual": "23.03"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/279978

www.ibm.com/support/pages/node/7155340

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-22338