CVE-2022-33163 — Incorrect Permission Assignment in IBM Security Directory Suite VA

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

8.1HIGHNVD

CNA5.3

EPSS

0.0%

top 87.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Directory Suite VA

Timeline

PublishedJun 15

Description

IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5ibm/security_directory_suite_va8.0.1

▶NVDibm/security_directory_suite_va8.0.1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-wpvp-7q8c-xvg3: IBM Security Directory Suite VA 8↗2023-06-15

▶

CVEList

IBM Security Directory Suite VA information disclosure↗2023-06-15

▶