CVE-2022-33165

CWE-22Path Traversal3 documents3 sources
Severity
7.5HIGH
EPSS
0.0%
top 85.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Security Directory ServerIBM Security Directory Integrator
Timeline
PublishedOct 14

Description

IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 228582.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NExploitability: 2.3 | Impact: 4.0

Affected Packages2 packages

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-2q58-xp4p-xpqc: IBM Security Directory Server 62023-10-14
CVEList
IBM Security Directory Server information disclosure2023-10-14
CVE-2022-33165 (HIGH CVSS 7.5) | IBM Security Directory Server 6.4.0 | cvebase.io