PT-2024-5991 · Ibm · Ibm Security Verify Directory Integrator+1
Ben Goodspeed
+8
·
Published
2024-07-24
·
Updated
2024-09-07
·
CVE-2022-33162
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
IBM Security Directory Integrator versions 7.2.0
IBM Security Verify Directory Integrator version 10.0.0
Description
The issue is related to the lack of authentication for certain functionality that requires a provable user identity or consumes significant resources, allowing operations at the privilege level of a standard unprivileged user. There is also a mention of a buffer overflow in memory, which could allow a remote attacker to bypass authentication procedures.
Recommendations
For IBM Security Directory Integrator version 7.2.0, consider implementing additional authentication mechanisms for functionality that requires a provable user identity or consumes significant resources.
For IBM Security Verify Directory Integrator version 10.0.0, consider implementing additional authentication mechanisms for functionality that requires a provable user identity or consumes significant resources.
As a temporary workaround, consider restricting access to the affected functionality until a patch is available.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Security Directory Integrator
Ibm Security Verify Directory Integrator