Oct 04, 2023 - 6:25 p.m.

Security Bulletin: IBM Security Directory Server is vulnerable to remote attacks (CVE-2022-33161, CVE-2022-33165)

2023-10-04 18:25:29
www.ibm.com

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001 Low
Percentile: 29.6%

Summary

IBM Security Directory Integrator has issued an update to address these vulnerabilities affecting IBM Security Directory Server.

Vulnerability Details

CVEID: CVE-2022-33161
**DESCRIPTION:** IBM Security Directory Server could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228569 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID: CVE-2022-33165
**DESCRIPTION:** IBM Security Directory Server could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228582 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Security Directory Integrator | 7.2.0 |

Remediation/Fixes

IBM encourages customers to update their systems promptly.

| Affected Products and Version | Fix Availability |
| --- | --- |
| IBM Security Directory Integrator | 7.2.0-ISS-SDI-FP0010 |

Workarounds and Mitigations

None

Affected configurations

Vulners
Node: ibm security_directory_integrator, Match 7.2

| CPE Name | Operator | Version |
| --- | --- | --- |
| ibm security directory integrator | eq | 7.2 |
