ID

VAR-202207-0328


CVE

CVE-2022-22370


TITLE

Cross-site scripting vulnerability in IBM Security Verify Access

Trust: 0.8

sources: JVNDB: JVNDB-2022-015241

DESCRIPTION

IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221194. The vendor has published this vulnerability as IBM X-Force ID: 221194. Information may be obtained and information may be tampered with. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies by using risk-based access, single sign-on, integrated access management controls, identity federation, and mobile multi-factor authentication. A cross-site scripting vulnerability exists in IBM Security Verify Access version 10.0.0 that arises from insufficient sanitization of user-supplied data. A remote user can trick a victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Trust: 2.25

sources: NVD: CVE-2022-22370 // JVNDB: JVNDB-2022-015241 // CNNVD: CNNVD-202207-539 // VULMON: CVE-2022-22370

AFFECTED PRODUCTS

vendor: ibm | model: security verify access | scope: eq | version: 10.0.1.0

Trust: 1.8

vendor: ibm | model: security verify access | scope: eq | version: 10.0.3.0

Trust: 1.8

vendor: ibm | model: security verify access | scope: eq | version: 10.0.0.0

Trust: 1.8

vendor: ibm | model: security verify access | scope: eq | version: 10.0.2.0

Trust: 1.8

vendor: ibm | model: security verify access | scope: eq | version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-015241 // NVD: CVE-2022-22370

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-22370
value: MEDIUM

Trust: 1.8

psirt@us.ibm.com: CVE-2022-22370
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202207-539
value: MEDIUM

Trust: 0.6

VULMON: CVE-2022-22370
value: LOW

Trust: 0.1

NVD:
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2022-22370
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

NVD:
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

psirt@us.ibm.com:
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.0

NVD: CVE-2022-22370
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2022-22370 // JVNDB: JVNDB-2022-015241 // NVD: CVE-2022-22370 // NVD: CVE-2022-22370 // CNNVD: CNNVD-202207-539

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-015241 // NVD: CVE-2022-22370

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-539

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202207-539

CONFIGURATIONS

sources: NVD: CVE-2022-22370

PATCH

title: 6601725 IBM X-Force Exchange | url: https://www.ibm.com/support/pages/node/6601725

Trust: 0.8

title: IBM Security Verify Access Fixes for cross-site scripting vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=198965

Trust: 0.6

sources: JVNDB: JVNDB-2022-015241 // CNNVD: CNNVD-202207-539

EXTERNAL IDS

db: NVD | id: CVE-2022-22370

Trust: 3.3

db: JVNDB | id: JVNDB-2022-015241

Trust: 0.8

db: CS-HELP | id: SB2022070714

Trust: 0.6

db: CNNVD | id: CNNVD-202207-539

Trust: 0.6

db: VULMON | id: CVE-2022-22370

Trust: 0.1

sources: VULMON: CVE-2022-22370 // JVNDB: JVNDB-2022-015241 // NVD: CVE-2022-22370 // CNNVD: CNNVD-202207-539

REFERENCES

url:https://www.ibm.com/support/pages/node/6601725

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/221194

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-22370

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-22370/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070714

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-22370 // JVNDB: JVNDB-2022-015241 // NVD: CVE-2022-22370 // CNNVD: CNNVD-202207-539

SOURCES

db: VULMON | id: CVE-2022-22370
db: JVNDB | id: JVNDB-2022-015241
db: NVD | id: CVE-2022-22370
db: CNNVD | id: CNNVD-202207-539

LAST UPDATE DATE

2023-12-18T13:55:23.276000+00:00


SOURCES UPDATE DATE

db: VULMON | id: CVE-2022-22370 | date: 2022-07-20T00:00:00
db: JVNDB | id: JVNDB-2022-015241 | date: 2023-09-26T02:20:00
db: NVD | id: CVE-2022-22370 | date: 2022-07-20T17:21:21.043
db: CNNVD | id: CNNVD-202207-539 | date: 2022-07-21T00:00:00

SOURCES RELEASE DATE

db: VULMON | id: CVE-2022-22370 | date: 2022-07-08T00:00:00
db: JVNDB | id: JVNDB-2022-015241 | date: 2023-09-26T00:00:00
db: NVD | id: CVE-2022-22370 | date: 2022-07-08T18:15:09.513
db: CNNVD | id: CNNVD-202207-539 | date: 2022-07-07T00:00:00