Lucene search

IbmVULNRICHMENT:CVE-2022-33162

HistoryAug 16, 2024 - 6:33 p.m.

CVE-2022-33162 IBM Directory Server buffer overflow

2024-08-1618:33:35

CWE-119

ibm

github.com

ibm

directory server

buffer overflow

authentication

x-force id

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

32.5%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources, at the privilege level of a standard unprivileged user. IBM X-Force ID: 228570.

References

exchange.xforce.ibmcloud.com/vulnerabilities/228570

www.ibm.com/support/pages/node/7161442

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

32.5%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2022-33162