IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/228569 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/7047116 | Patch Vendor Advisory |
https://www.ibm.com/support/pages/node/7047428 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/228569 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/7047116 | Patch Vendor Advisory |
https://www.ibm.com/support/pages/node/7047428 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:07
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/228569 - VDB Entry, Vendor Advisory | |
References | () https://www.ibm.com/support/pages/node/7047116 - Patch, Vendor Advisory | |
References | () https://www.ibm.com/support/pages/node/7047428 - Patch, Vendor Advisory |
18 Oct 2023, 20:32
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-311 | |
First Time |
Ibm
Ibm security Directory Server Ibm security Directory Suite Ibm security Directory Integrator Ibm security Verify Directory |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
References | (MISC) https://www.ibm.com/support/pages/node/7047116 - Patch, Vendor Advisory | |
References | (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/228569 - VDB Entry, Vendor Advisory | |
References | (MISC) https://www.ibm.com/support/pages/node/7047428 - Patch, Vendor Advisory | |
CPE | cpe:2.3:a:ibm:security_verify_directory:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_directory_suite:8.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_directory_server:6.4.0.0:*:*:*:*:*:*:* |
14 Oct 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-14 15:15
Updated : 2024-11-21 07:07
NVD link : CVE-2022-33161
Mitre link : CVE-2022-33161
CVE.ORG link : CVE-2022-33161
JSON object : View
Products Affected
ibm
- security_directory_integrator
- security_verify_directory
- security_directory_server
- security_directory_suite
CWE
CWE-311
Missing Encryption of Sensitive Data