First published: Mon Jun 27 2022
IBM Security Access Manager Appliance is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Security Verify Access | <=10.0.0 | |
IBM Security Verify Access | =10.0.0.0 | |
IBM Security Verify Access | =10.0.1.0 | |
IBM Security Verify Access | =10.0.2.0 | |
IBM Security Verify Access | =10.0.3.0 | |
CVE-2022-22463 is a vulnerability in IBM Security Access Manager Appliance that allows remote attackers to perform SQL injection.
CVE-2022-22463 allows remote attackers to send specially crafted SQL statements to view, add, modify, or delete information in the back-end database of IBM Security Access Manager Appliance.
CVE-2022-22463 has a severity level of 6.5, which is considered medium.
IBM Security Access Manager Appliance versions 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 are affected by CVE-2022-22463.
Yes, IBM has provided a fix for CVE-2022-22463. Please refer to the official IBM support page for more details.