CVE-2024-22338 MEDIUM

Published: 2024-05-31 | Last Modified: 2025-08-14 | Status: Analyzed

Description

IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978.

Additional Descriptions (1)

IBM Security Verify Access OIDC Provider 22.09 a 23.03 podría revelar información confidencial a un usuario local debido a una validación de entrada peligrosa. ID de IBM X-Force: 279978.

CVSS Metrics

Base Score: 5.5 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector	LOCAL
Attack Complexity	LOW
Privileges Required	LOW
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	NONE
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 3.6

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-20
[email protected]	Primary	en NVD-CWE-noinfo

Affected Products

Vendor	Product	Version	Update	Type
ibm	security_verify_access_oidc_provider	*	<built-in method update of dict object at 0x7c3c32753840>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:ibm:security_verify_access_oidc_provider::::::::`

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/279978
Source: [email protected]

Vendor Advisory
https://www.ibm.com/support/pages/node/7155340
Source: [email protected]

Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/279978
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory
https://www.ibm.com/support/pages/node/7155340
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory