CVE-2022-33162

CWE-119 — Buffer Overflow3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.1%

top 68.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Directory Integrator IBM Security Verify Directory Integrator

Timeline

PublishedAug 16

Description

IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources, at the privilege level of a standard unprivileged user. IBM X-Force ID: 228570.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages4 packages

▶CVEListV5ibm/security_verify_directory_integrator10.0.0

▶NVDibm/security_verify_directory_integrator10.0.0

▶CVEListV5ibm/security_directory_integrator7.2.0

▶NVDibm/security_directory_integrator7.2.0

🔴Vulnerability Details

GHSA

GHSA-6f76-gwc4-m8pr: IBM Security Directory Integrator 7↗2024-08-16

▶

CVEList

IBM Directory Server buffer overflow↗2024-08-16

▶