IBM Security Verify Information Queue 10.0.2

CPE Details

IBM Security Verify Information Queue 10.0.2
ibm
security_verify_information_queue
10.0.2
2022-07-18
11h39 +00:00
2022-08-12
18h37 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ibm:security_verify_information_queue:10.0.2:*:*:*:*:*:*:*

Informations

Vendor

ibm

Product

security_verify_information_queue

Version

10.0.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-35286 2022-07-26 14h25 +00:00 IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230814.
8.8
High
CVE-2022-35288 2022-07-25 17h20 +00:00 IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 230818.
6.5
Medium
CVE-2022-35287 2022-07-25 17h20 +00:00 IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 230817.
7.5
High
CVE-2022-35285 2022-07-25 17h20 +00:00 IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230812.
8.8
High
CVE-2022-35284 2022-07-25 17h20 +00:00 IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811.
7.5
High
CVE-2022-35283 2022-07-14 16h25 +00:00 IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request.
6.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.