Improper Input Validation
CVE-2022-22311
Summary
IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validiation of JWT tokens.
- HIGH
- NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
References
Advisory Timeline
- Published