PT-2022-15440 · IBM · IBM Security Verify Identity Manager
Ben Goodspeed +8
Published: 2022-07-14 · Updated: 2022-07-20
CVE-2022-22450
CVSS v3.1: 3.8 (Low)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
IBM Security Verify Identity Manager version 10.0
Description
The issue allows a privileged user to upload a malicious file by bypassing extension security in an HTTP request.
Recommendations
For IBM Security Verify Identity Manager version 10.0, consider restricting file uploads or implementing additional security checks to prevent malicious file uploads until a patch is available. As a temporary workaround, consider disabling file upload functionality to minimize the risk of exploitation.
Fix
Unrestricted File Upload
Affected Products
IBM Security Verify Identity Manager