{"api_version":"1","generated_at":"2026-05-14T14:12:53+00:00","cve":"CVE-2022-33161","urls":{"html":"https://cve.report/CVE-2022-33161","api":"https://cve.report/api/cve/CVE-2022-33161.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-33161","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-33161"},"summary":{"title":"CVE-2022-33161","description":"IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.  X-Force ID:  228569.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2023-10-14 15:15:00","updated_at":"2023-10-18 20:32:00"},"problem_types":["CWE-311"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/228569","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/228569","refsource":"MISC","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.ibm.com/support/pages/node/7047428","name":"https://www.ibm.com/support/pages/node/7047428","refsource":"MISC","tags":[],"title":"Security Bulletin: IBM Security Verify Directory products have multiple security vulnerabilities  (CVE-2022-33164, CVE-2022-33168, CVE-2022-33161, CVE-2022-32755)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.ibm.com/support/pages/node/7047116","name":"https://www.ibm.com/support/pages/node/7047116","refsource":"MISC","tags":[],"title":"Security Bulletin: IBM Security Directory Server is vulnerable to remote attacks (CVE-2022-33161, CVE-2022-33165)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-33161","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-33161","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"33161","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_directory_integrator","cpe6":"7.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"33161","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_directory_server","cpe6":"6.4.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"33161","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_directory_suite","cpe6":"8.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"33161","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_verify_directory","cpe6":"10.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-33161","ASSIGNER":"psirt@us.ibm.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.  X-Force ID:  228569."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-311 Missing Encryption of Sensitive Data","cweId":"CWE-311"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"IBM","product":{"product_data":[{"product_name":"Security Directory Server","version":{"version_data":[{"version_affected":"=","version_value":"6.4.0"}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.ibm.com/support/pages/node/7047116","refsource":"MISC","name":"https://www.ibm.com/support/pages/node/7047116"},{"url":"https://www.ibm.com/support/pages/node/7047428","refsource":"MISC","name":"https://www.ibm.com/support/pages/node/7047428"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/228569","refsource":"MISC","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/228569"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","version":"3.1"}]}},"nvd":{"publishedDate":"2023-10-14 15:15:00","lastModifiedDate":"2023-10-18 20:32:00","problem_types":["CWE-311"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.9,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.2,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:security_directory_server:6.4.0.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:security_verify_directory:10.0.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:security_directory_suite:8.0.1:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}