CVE-2022-35284
First published: Fri Jul 15 2022(Updated: )
IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Security Verify Information Queue | =10.0.2 | |
| IBM Security Verify Information Queue | <=10.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-35284.
What is the severity of CVE-2022-35284?
The severity of CVE-2022-35284 is high.
How does IBM Security Verify Information Queue disclose sensitive information?
IBM Security Verify Information Queue discloses sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie.
Which software version is affected by CVE-2022-35284?
The affected software version for CVE-2022-35284 is IBM Security Verify Information Queue 10.0.2.
How can I fix the vulnerability CVE-2022-35284?
To fix the vulnerability CVE-2022-35284, update IBM Security Verify Information Queue to a version that includes the fix for the missing or insecure SameSite attribute.
- collector/nvd-index
- collector/ibm-support
- vendor/ibm
- canonical/ibm security verify information queue
- version/ibm security verify information queue/10.0.2