CVE-2022-33161
Summary
| CVE | CVE-2022-33161 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-10-14 15:15:00 UTC |
| Updated | 2023-10-18 20:32:00 UTC |
| Description | IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569. |
Risk And Classification
Problem Types: CWE-311
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Security Directory Integrator | 7.2.0 | All | All | All |
| Application | Ibm | Security Directory Server | 6.4.0.0 | All | All | All |
| Application | Ibm | Security Directory Suite | 8.0.1 | All | All | All |
| Application | Ibm | Security Verify Directory | 10.0.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | MISC | exchange.xforce.ibmcloud.com | |
| Security Bulletin: IBM Security Verify Directory products have multiple security vulnerabilities (CVE-2022-33164, CVE-2022-33168, CVE-2022-33161, CVE-2022-32755) | MISC | www.ibm.com | |
| Security Bulletin: IBM Security Directory Server is vulnerable to remote attacks (CVE-2022-33161, CVE-2022-33165) | MISC | www.ibm.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.