IBM Verify Governance IM 10.0.1 Authenticated User MITM Access Request Abuse
CVE-2022-35646 Published on December 22, 2022

IBM Security Verify Governance, Identity Manager security bypass
IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IBM X-Force ID: 231096.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2022-35646 is exploitable with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a high impact on integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
HIGH
Availability Impact:
NONE

Weakness Type

What is an authentification Vulnerability?

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

CVE-2022-35646 has been classified to as an authentification vulnerability or weakness.


Products Associated with CVE-2022-35646

Want to know whenever a new CVE is published for IBM Security Verify Governance? stack.watch will email you.

IBM Security Verify Governance
 

Affected Versions

IBM Security Verify Governance, Identity Manager Version 10.0.1 is affected by CVE-2022-35646

Exploit Probability

EPSS
0.11%
Percentile
29.00%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.