CVE-2022-22349

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
ibmCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/I:L/PR:L/AC:L/A:N/AV:N/C:N/S:U/UI:N/E:U/RC:C/RL:O
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
ibmsterling_external_authentication_server
3.4.3.2
ibmsterling_external_authentication_server
6.0.2.0
ibmsterling_external_authentication_server
6.0.3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/220144
https://www.ibm.com/support/pages/node/6558928
https://exchange.xforce.ibmcloud.com/vulnerabilities/220144
https://www.ibm.com/support/pages/node/6558928