Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM6AF7BCA27838FC54541462A6B7D573F11555928359F6DD201E9916A510F3A272
HistoryJul 24, 2024 - 3:40 p.m.

Security Bulletin: Security Vulnerability fixed in IBM Security Directory Integrator (CVE-2022-33162)

2024-07-2415:40:02
www.ibm.com
8
ibm security
directory integrator
authentication vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

32.5%

JSON

Summary

IBM Security Directory Integrator has addressed an issue where it did not perform authentication.

Vulnerability Details

CVEID:CVE-2022-33162
**DESCRIPTION:**IBM Security Directory Server does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228570 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security Directory Integrator 7.2.0
IBM Security Verify Directory Integrator 10.0.0

Remediation/Fixes

IBM Strongly recommends that customers update to the latest versions of software.

IBM Security Directory Integrator 10.0.0 Container images can be found in the documentation here.

https://www.ibm.com/docs/en/svdi/10.0.0?topic=containers-images

Principal Product and Versions

|

Fix Availability

—|—

IBM Security Director Integrator 7.2.0

|

7.2.0-ISS-SDI-FP0012

IBM Security Verify Directory Integrator 10.0.0

|

ibm-svdi-10.0.0.1

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmsecurity_directory_integratorMatch7.2.0
OR
ibmsecurity_directory_integratorMatch10.0.0
VendorProductVersionCPE
ibmsecurity_directory_integrator7.2.0cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*
ibmsecurity_directory_integrator10.0.0cpe:2.3:a:ibm:security_directory_integrator:10.0.0:*:*:*:*:*:*:*

Related

cve 1
vulnrichment 1
cvelist 1
nvd 1
cve
cve
CVE-2022-33162
2024-08-16 19:15:06
vulnrichment
vulnrichment
CVE-2022-33162 IBM Directory Server buffer overflow
2024-08-16 18:33:35
cvelist
cvelist
CVE-2022-33162 IBM Directory Server buffer overflow
2024-08-16 18:33:35
nvd
nvd
CVE-2022-33162
2024-08-16 19:15:06

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

32.5%

JSON
Related for 6AF7BCA27838FC54541462A6B7D573F11555928359F6DD201E9916A510F3A272
cve1vulnrichment1cvelist1nvd1