Vulnerability in IBM Security Verify Lets Attackers Extract Sensitive Information
Multiple information disclosure vulnerabilities were discovered in IBM Security Verify Information Queue, which can reveal several internal product details. This information can then be used to conduct further attacks.
IBM Security Verify Information Queue is a pub/sub-based product integrator that can be used for integrating data between IBM products.
It uses Kafka technology for integration, a distributed data store for ingesting and processing data in real time.
CVE-2023-33833, CVE-2023-33834, CVE-2023-33835: IBM Information Queue Disclosure
This vulnerability affects IBM Information Queue (ISIQ) versions prior to 10.0.4 and 10.0.5, as they store sensitive information in plaintext that can be read by a local user.
The vulnerabilities CVE-2023-33834 and CVE-2023-33835 allow an attacker to gain access to sensitive information, which assists in further attacks.
The CVSS scores for these vulnerabilities are CVE-2023-33833 (2.9), CVE-2023-33834 (5.3), and CVE-2023-33835 (5.3). All of these vulnerabilities are rated Medium in severity.
Affected Products and Fixed in Version
As per IBM's security advisory, the products affected by these vulnerabilities and their fixed versions are given below.
Affected Product(s) | Version(s) | Fixed in Version |
IBM Security Verify Information Queue | 10.0.4 | 10.0.6 |
IBM Security Verify Information Queue | 10.0.5 | 10.0.6 |
Users of these products are urged to upgrade to the latest version of IBM Security Verify Information Queue (10.0.6) to fix these vulnerabilities and prevent them from being exploited by threat actors.
Source credit : cybersecuritynews.com