CVE-2022-22349

CWE-22: Path Traversal | 3 documents | 3 sources
Severity: 4.3 MEDIUM
EPSS: 0.4% (top 40.42%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 24
Latest update: Feb 25

Description

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating REST API configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5 | ibm/sterling_external_authentication_server | 3.4.3.2, 6.0.2.0, 6.0.3.0 +2
NVD | ibm/sterling_external_authentication_server | 3.4.3.2, 6.0.2.0, 6.0.3.0 +2

Patches

Vulnerability Details (2)

GHSA | GHSA-h3w5-2c4f-pmfr: IBM Sterling External Authentication Server 3 | 2022-02-25
CVEList | CVE-2022-22349: IBM Sterling External Authentication Server 3 | 2022-02-24