Rewterz Threat Advisory – ICS: Schneider Electric IGSS Update Service Vulnerability
October 15, 2023Rewterz Threat Advisory – Multiple IBM App Connect Enterprise and IBM Integration Vulnerabilities
October 16, 2023Rewterz Threat Advisory – ICS: Schneider Electric IGSS Update Service Vulnerability
October 15, 2023Rewterz Threat Advisory – Multiple IBM App Connect Enterprise and IBM Integration Vulnerabilities
October 16, 2023Severity
Medium
Analysis Summary
CVE-2022-43868 CVSS:5.3
IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system.
CVE-2022-43740 CVSS:7.5
IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption.
CVE-2022-43739 CVSS:4.1
IBM Security Verify Access OIDC could disclose information to a local user from log files that could be used in further attacks against the system.
Impact
- Information Theft
- Information Disclosure
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2022-43868
- CVE-2022-43740
- CVE-2022-43739
Affected Vendors
IBM
Affected Products
- IBM Security Verify Access OIDC Provider
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.