IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/220144 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/6558928 | Patch Vendor Advisory |
History
No history.
Information
Published : 2022-02-24 17:15
Updated : 2024-02-28 19:09
NVD link : CVE-2022-22349
Mitre link : CVE-2022-22349
CVE.ORG link : CVE-2022-22349
Products Affected
ibm
- sterling_external_authentication_server
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')