History: May 01, 2024 - 11:29 p.m.

Security Bulletin: Multiple Security Vulnerabilities discovered in IBM Security Directory Suite (CVE-2022-32753, CVE-2022-32751, CVE-2022-33165)

2024-05-01 23:29:27
www.ibm.com
Tags: ibm security, vulnerabilities, directory suite, update, fix available

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.3 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 23.0%)

Summary

Several vulnerabilities were fixed in the IBM Security Verify Directory Suite.

Vulnerability Details

CVEID: CVE-2022-32753
**DESCRIPTION:** IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444.
CVSS Base score: 4.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228444 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2022-32751
**DESCRIPTION:** IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228437 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2022-33165
**DESCRIPTION:** IBM Security Directory Server could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228582 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Security Directory Suite | 8.0.1.0 - 8.0.1.20 |

Remediation/Fixes

IBM encourages customers to update their systems promptly.

| Affected Products and Versions | Fix Availability |
| --- | --- |
| IBM Security Directory Suite | refresh pack: 8.0.1-ISS-ISDS-FP0021.pkg |

Workarounds and Mitigations

None

Affected configurations

Vulners node:
ibm security_directory_suite, match 8.0.1.0
OR
ibm security_directory_suite, match 8.0.1.20
