CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-35286
https://notcve.org/view.php?id=CVE-2022-35286
IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230814. IBM Security Verify Information Queue 10.0.2, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-Force ID: 230814. • https://exchange.xforce.ibmcloud.com/vulnerabilities/230814 https://www.ibm.com/support/pages/node/6607057 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35288
https://notcve.org/view.php?id=CVE-2022-35288
IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 230818. IBM Security Verify Information Queue versión 10.0.2, podría permitir a un usuario obtener información confidencial que podría usarse en otros ataques contra el sistema. IBM X-Force ID: 230818 • https://exchange.xforce.ibmcloud.com/vulnerabilities/230818 https://www.ibm.com/support/pages/node/6606831 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35287
https://notcve.org/view.php?id=CVE-2022-35287
IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 230817. IBM Security Verify Information Queue versión 10.0.2, contiene credenciales embebidas, como una contraseña o una clave criptográfica, que usa para su propia autenticación de entrada, la comunicación de salida a componentes externos o el cifrado de datos internos. IBM X-Force ID: 230817 • https://exchange.xforce.ibmcloud.com/vulnerabilities/230817 https://www.ibm.com/support/pages/node/6606827 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-35285
https://notcve.org/view.php?id=CVE-2022-35285
IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230812. IBM Security Verify Information Queue versión 10.0.2, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-Force ID: 230812 • https://exchange.xforce.ibmcloud.com/vulnerabilities/230812 https://www.ibm.com/support/pages/node/6606819 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35284
https://notcve.org/view.php?id=CVE-2022-35284
IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811. IBM Security Verify Information Queue versión 10.0.2, podría divulgar información sensible debido a la falta o inseguridad del atributo SameSite para una cookie sensible. ID de IBM X-Force: 230811 • https://exchange.xforce.ibmcloud.com/vulnerabilities/230811 https://www.ibm.com/support/pages/node/6606663 • CWE-565: Reliance on Cookies without Validation and Integrity Checking •