Jul 25, 2023 - 8:41 p.m.

Security Bulletin: IBM Security Directory Suite has multiple vulnerabilities [CVE-2022-33163 and CVE-2022-33168]

2023-07-25 20:41:50
www.ibm.com
Tags: ibm security directory suite, version 8.0.1, cve-2022-33163, cve-2022-33168, resource permissions, denial of service, update, fix availability

CVSS3: 8.1 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS: 0.001 Low
Percentile: 24.9%

Summary

The following vulnerabilities in IBM Security Directory Suite have been addressed. Please apply the fixes shown below. [CVE-2022-33163 and CVE-2022-33168]

Vulnerability Details

CVEID: CVE-2022-33163
**DESCRIPTION:** IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228571 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2022-33168
**DESCRIPTION:** IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228588 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Security Directory Suite VA | 8.0.1 |

Remediation/Fixes

IBM strongly recommends customers update their systems promptly.

| Principal Product and Version | Fix availability |
| --- | --- |
| IBM Security Directory Suite 8.0.1 | refresh pack: 8.0.1-ISS-ISDS-FP0020.pkg |

Workarounds and Mitigations

None

Affected configurations

Vulners
Node: ibm security_directory_suite, Match 8.0.1.

| CPE | Name | Operator | Version |
| --- | --- | --- | --- |
| | ibm security directory suite | eq | 8.0.1. |
