Multiple vulnerabilities in IBM Security Verify Access

1) Authentication Bypass by Spoofing

EUVDB-ID: #VU65845

Risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-22476

CWE-ID: CWE-290 - Authentication Bypass by Spoofing

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute identity spoofing attacks.

The vulnerability exists due to an unspecified error in IBM WebSphere Application Server Liberty. A remote authenticated user can send a specially crafted request to perform identity spoofing attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Verify Access: 10.0.0 - 10.0.4.0

CPE2.3

• cpe:2.3:a:ibm_corporation:security_access_manager:10.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:security_access_manager:10.0.1.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:security_access_manager:10.0.2.0:*:*:*:*:*:*:*

External links

https://www.ibm.com/support/pages/node/6953617

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Authentication

EUVDB-ID: #VU64197

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-22475

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to an unspecified error. A remote authenticated user can spoof identity of other application users.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Verify Access: 10.0.0 - 10.0.4.0

CPE2.3

• cpe:2.3:a:ibm_corporation:security_access_manager:10.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:security_access_manager:10.0.1.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:security_access_manager:10.0.2.0:*:*:*:*:*:*:*

External links

https://www.ibm.com/support/pages/node/6953617

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU69209

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-34165

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Verify Access: 10.0.0 - 10.0.4.0

CPE2.3

• cpe:2.3:a:ibm_corporation:security_access_manager:10.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:security_access_manager:10.0.1.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:security_access_manager:10.0.2.0:*:*:*:*:*:*:*

External links

https://www.ibm.com/support/pages/node/6953617

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU72071

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-36775

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Verify Access: 10.0.0 - 10.0.4.0

CPE2.3

• cpe:2.3:a:ibm_corporation:security_access_manager:10.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:security_access_manager:10.0.1.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:security_access_manager:10.0.2.0:*:*:*:*:*:*:*

External links

https://www.ibm.com/support/pages/node/6953617

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.