CVE-2022-22386

MEDIUM

IBM Security Verify Privilege On-Premises 11.5 - Info Disclosure

Title source: llm
STIX 2.1

Description

IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 221963.

References (2)

Scores

CVSS v3 5.3
EPSS 0.0002
EPSS Percentile 5.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-311
Status published
Products (1)
ibm/security_verify_privilege_on-premises < 11.5
Published Oct 17, 2023
Tracked Since Feb 18, 2026