Rewterz Threat Update – Mantis Botnet Powered The Largest DDoS Attack In June
July 15, 2022
Rewterz Threat Advisory – Multiple IBM WebSphere Application Server Vulnerabilities
July 15, 2022
Severity
Medium
Analysis Summary
CVE-2022-35283 CVSS:6.5
IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request.
CVE-2022-22460 CVSS:3
IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system.
CVE-2022-22453 CVSS:5.1
IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2022-22452 CVSS:5.3
IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
CVE-2022-22450 CVSS:3.8
IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request.
Impact
- Denial of Service
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-35283
- CVE-2022-22460
- CVE-2022-22453
- CVE-2022-22452
- CVE-2022-22450
Affected Vendors
IBM
Affected Products
- IBM Security Verify Information Queue 10.0.2
- IBM Security Verify Governance 10.0
Remediation
Refer to the IBM Security Bulletins for patch, upgrade, or suggested workaround information:
IBM Security Verify Information Queue
IBM Security Verify Governance