IBM Security Verify Access OIDC Provider Vulnerability Could Disclose Sensitive Information
CVE-2024-22338

4MEDIUM

Key Information:

Vendor: IBM
Status: Security Verify Access Oidc Provider
Vendor: CVE Published:; 31 May 2024

Summary

IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978.

Affected Version(s)

Security Verify Access OIDC Provider 22.09 <= 23.03

References

https://www.ibm.com/support/pages/node/7155340

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/279978

vdb-entry

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 31, 2024
Vulnerability Reserved
Jan 8, 2024

Credit

John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Troy Fisher, Geoffrey Owden, Ben Goodspeed, Dawid Bak, Marcin Bortkiewicz