November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – CVE-2022-22280 – SonicWall Global Management System (GMS) and Analytics Vulnerability
July 26, 2022Rewterz Threat Advisory – Multiple Linux Kernel Vulnerabilities
July 26, 2022Rewterz Threat Advisory – CVE-2022-22280 – SonicWall Global Management System (GMS) and Analytics Vulnerability
July 26, 2022Rewterz Threat Advisory – Multiple Linux Kernel Vulnerabilities
July 26, 2022
Severity
Medium
Analysis Summary
CVE-2022-35288 CVSS:5.3
IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system.
CVE-2022-35287 CVSS:6.8
IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVE-2022-35285 CVSS:6.5
IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2022-35284 CVSS:5.3
IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie.
Impact
- Information Disclosure
- Data Manipulation
Indicators Of Compromise
CVE
- CVE-2022-35288
- CVE-2022-35287
- CVE-2022-35285
- CVE-2022-35284
Affected Vendors
IBM
Affected Products
- IBM Security Verify Information Queue 10.0.2
Remediation
Refer to IBM Security Bulletin for patch, upgrade or suggested workaround information.