CVE-2022-33164 HIGH

CVE-2022-33164: IBM Security Directory Server path traversal

Vendor Ibm
Product Security Directory Integrator
Weakness CWE-22 · Path traversal
Published September 8, 2023
Last update September 26, 2024

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H

What the vulnerability does

01Description

IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579.

Key dates

02Disclosure timeline

September 8, 2023 CVE published
September 26, 2024 Record updated