Home Latest News Vulnerability in IBM Security Verify Let Attacker Extract Sensitive Information

Vulnerability in IBM Security Verify Let Attacker Extract Sensitive Information

by CISOCONNECT Bureau

Multiple Information Disclosure vulnerabilities were discovered in the IBM Security Verify Information Queue, which can reveal several internal product details. This information can then be used to conduct further attacks.

IBM Security Verify Information Queue is a pub/sub-based product integrator that can be used for integrating data between IBM products.

It uses Kafka technology for integration, a distributed data store ingestion, and processing data in real time.

This vulnerability affects IBM Information Queue (ISIQ) versions prior to 10.0.4 and 10.0.5 as they store sensitive information in plaintext that can be read by a local user.

The vulnerabilities CVE-2023-33834 and CVE-2023-33835 allow a remote attacker to access sensitive information, which assists in further attacks.

The CVSS score for these vulnerabilities has been given as CVE-2023-33833 (2.9), CVE-2023-33834 (5.3), and CVE-2023-33835 (5.3). All these vulnerabilities have the severity as Medium.

Affected Products and Fixed in Version
As per the security advisory of IBM, Products that are affected by these vulnerabilities and their fixed versions are given below.

 

Affected Product(s) Version(s) Fixed in Version
IBM Security Verify Information Queue 10.0.4 10.0.6
IBM Security Verify Information Queue 10.0.5

 

Users of these products are recommended to upgrade to the latest version of IBM Security Verify Information Queue (10.0.6) to fix these vulnerabilities and prevent them from getting exploited by threat actors.

– Cyber Security News

Recommended for You

Recommended for You

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Close Read More

See Ads