CVE-2022-22349
Summary
| CVE | CVE-2022-22349 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-02-24 17:15:00 UTC |
| Updated | 2022-03-02 21:14:00 UTC |
| Description | IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Sterling External Authentication Server | 3.4.3.2 | All | All | All |
| Application | Ibm | Sterling External Authentication Server | 6.0.2.0 | All | All | All |
| Application | Ibm | Sterling External Authentication Server | 6.0.3.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Security Bulletin: Multiple vulnerabilities were detected in IBM Sterling External Authentication Server (CVE-2022-22333, CVE-2022-22349) | CONFIRM | www.ibm.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.