PT-2022-7107 · IBM · IBM Security Verify Governance

Turki Al-Harthi · Published 2022-12-22 · Updated 2022-12-31 · CVE-2022-35646

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions

IBM Security Verify Governance, Identity Manager version 10.0.1

Description

The issue is related to weaknesses in the authentication procedure of the Identity Manager component, which could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. This could potentially be exploited by a remote attacker.

Recommendations

For version 10.0.1, consider implementing additional authentication measures to prevent man-in-the-middle attacks, and restrict access to sensitive features that allow modification or cancellation of access requests until a patch is available. As a temporary workaround, consider disabling the vulnerable authentication procedure until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2023-07590
CVE-2022-35646

Affected Products

IBM Security Verify Governance