PT-2022-22687 · Ibm · Ibm Security Verify Information Queue

Ben Goodspeed

Published

2022-07-25

Updated

2022-07-29

CVE-2022-35285

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IBM Security Verify Information Queue version 10.0.2

Description The issue allows an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts due to cross-site request forgery.

Recommendations For IBM Security Verify Information Queue version 10.0.2, consider implementing anti-CSRF measures, such as token-based validation, to prevent unauthorized actions. As a temporary workaround, restrict access to sensitive operations that could be exploited through cross-site request forgery until a patch is available.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2022-35285

Affected Products

Ibm Security Verify Information Queue

PT-2022-22687 · Ibm · Ibm Security Verify Information Queue

CVE-2022-35285

Weakness Enumeration

Related Identifiers

Affected Products

References · 5