CVE-2022-22349
4.3
CVSS:3.0/I:L/PR:L/AC:L/A:N/AV:N/C:N/S:U/UI:N/E:U/RC:C/RL:O
Summary
IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Sterling External Authentication Server | 6.0.3.0 | affected |
| IBM | Sterling External Authentication Server | 6.0.2.0 | affected |
| IBM | Sterling External Authentication Server | 3.4.3.2 | affected |
Weaknesses
- Gain Access
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/pages/node/6558928
- https://exchange.xforce.ibmcloud.com/vulnerabilities/220144
References
- https://www.ibm.com/support/pages/node/6558928
- https://exchange.xforce.ibmcloud.com/vulnerabilities/220144
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.