Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-22333

Опубликовано: 23 фев. 2022
Источник: nvd
CVSS3: 6.5
CVSS3: 6.5
CVSS2: 3.3
EPSS Низкий

Описание

IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafted HTTP request to disrupt service. IBM X-Force ID: 219133.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:sterling_external_authentication_server:3.4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_external_authentication_server:6.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_external_authentication_server:6.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_secure_proxy:3.4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_secure_proxy:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_secure_proxy:6.0.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 70%
0.00648
Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-120

Связанные уязвимости

github логотип

GHSA-35cr-x5j7-prhh

github
почти 4 года назад

IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafted HTTP request to disrupt service. IBM X-Force ID: 219133.

EPSS

Процентиль: 70%
0.00648
Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-120