IBM Security Verify Flaw Let Attacker Obtain Sensitive Information

Multiple Information Disclosure vulnerabilities were discovered in the IBM Security Verify Information Queue, which can reveal several internal product details. This information can then be used to conduct further attacks. 

IBM Security Verify Information Queue is a pub/sub-based product integrator that can be used for integrating data between IBM products.

It uses Kafka technology for integration, a distributed data store ingestion, and processing data in real time.

CVE-2023-33833, CVE-2023-33834, CVE-2023-33835: IBM Information Queue Disclosure

This vulnerability affects IBM Information Queue (ISIQ) versions prior to 10.0.4 and 10.0.5 as they store sensitive information in plaintext that can be read by a local user. 

The vulnerabilities CVE-2023-33834 and CVE-2023-33835 allow a remote attacker to access sensitive information, which assists in further attacks.

The CVSS score for these vulnerabilities has been given as CVE-2023-33833 (2.9), CVE-2023-33834 (5.3), and CVE-2023-33835 (5.3). All these vulnerabilities have the severity as Medium.

Affected Products and Fixed in Version

As per the security advisory of IBM, Products that are affected by these vulnerabilities and their fixed versions are given below.

Affected Product(s)Version(s)Fixed in Version
IBM Security Verify Information Queue10.0.410.0.6
IBM Security Verify Information Queue10.0.5

Users of these products are recommended to upgrade to the latest version of IBM Security Verify Information Queue (10.0.6) to fix these vulnerabilities and prevent them from getting exploited by threat actors.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.

Eswar is a Cyber security reporter with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is reporting data breach, Privacy and APT Threats.