exploitDog

CVE-2022-33164

Опубликовано: 08 сент. 2023

Источник: nvd

CVSS3: 8.7

CVSS3: 9.1

EPSS Низкий

Описание

IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/228579
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/7031021
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/228579
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/7031021
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:security_directory_server:7.2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 11%

0.00037

Низкий

8.7 High

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-fmxp-7cwf-fmr4

CVSS3: 8.7

github

больше 2 лет назад

IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579.

EPSS

Процентиль: 11%

0.00037

Низкий

8.7 High

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-22

CWE-22