IBM Security Verify Privilege command execution
CVE-2022-22375

7.2HIGH

Key Information:

Vendor: IBM
Status: Security Verify Privilege
Vendor: CVE Published:; 17 October 2023

Summary

IBM Security Verify Privilege On-Premises 11.5 is susceptible to a vulnerability that allows remote authenticated attackers to execute arbitrary commands on the host system. This occurs when specially crafted requests are sent, potentially leading to unauthorized access and control over critical system functionalities. It is essential for users of this product to implement necessary security patches and access controls to mitigate the risks posed by this vulnerability.

Affected Version(s)

Security Verify Privilege 11.5

References

https://www.ibm.com/support/pages/node/7047202

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/221681

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Jan 3, 2022