CVE-2022-33159Sensitive Information Exposure in IBM Security Directory Suite VA

CWE-200Sensitive Information ExposureCWE-312Cleartext Storage of Sensitive Info3 documents3 sources
Severity
6.5MEDIUMNVD
CNA5.3
EPSS
0.1%
top 83.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security Directory Suite VA
Timeline
PublishedJun 15

Description

IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/security_directory_suite_va8.0.18.0.1.19
NVDibm/security_directory_suite_va8.0.18.0.1.19

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-7cp5-xc65-xx7h: IBM Security Directory Suite VA 82023-06-15
CVEList
IBM Security Directory Suite VA information disclosure2023-06-15
CVE-2022-33159 — Sensitive Information Exposure in IBM | cvebase