CVE-2022-22336: Missing Release of Memory after Effective Lifetime in IBM Sterling Secure Proxy

Severity: 7.5 HIGH (NVD)
EPSS: 2.6% (top 14.46%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 23 | Latest update Feb 24

Description

IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

Source | Package | Versions
NVD | ibm/sterling_external_authentication_server | 3.4.3.2, 6.0.2.0, 6.0.3.0 +2
CVEListV5 | ibm/sterling_secure_proxy | 3.4.3.2, 6.0.2.0, 6.0.3.0 +2
NVD | ibm/sterling_secure_proxy | 3.4.3.2, 6.0.2, 6.0.3.0 +2

Vulnerability Details (2)

GHSA | GHSA-4qgq-37m7-cp67: IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6 | 2022-02-24
CVEList | CVE-2022-22336: IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6 | 2022-02-23