CVE-2022-35285: CSRF
First published: Tue Jul 12 2022(Updated: )
IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230812.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Security Verify Information Queue | =10.0.2 | |
| Linux Linux kernel | ||
| IBM Security Verify Information Queue | <=10.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-35285.
What is the severity of CVE-2022-35285?
The severity of CVE-2022-35285 is high with a score of 8.8.
What is the affected software for CVE-2022-35285?
The affected software for CVE-2022-35285 is IBM Security Verify Information Queue version 10.0.2.
What actions could an attacker perform with this vulnerability?
An attacker could execute malicious and unauthorized actions transmitted from a trusted user of the website.
Is there a fix available for CVE-2022-35285?
Yes, IBM has provided a fix for CVE-2022-35285. Please refer to the IBM Support page for more information.
- collector/nvd-index
- collector/ibm-support
- vendor/ibm
- canonical/ibm security verify information queue
- version/ibm security verify information queue/10.0.2
- vendor/linux
- canonical/linux linux kernel