Path Traversal Vulnerability in IBM Sterling External Authentication Server
CVE-2022-22349

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Sterling External Authentication Server
Vendor: CVE Published:; 24 February 2022

What is CVE-2022-22349?

The IBM Sterling External Authentication Server suffers from a path traversal vulnerability due to insufficient validation of RESTAPI configuration data. This weakness may allow an authorized user to exploit the system by importing invalid data, potentially leading to unauthorized access and manipulation of sensitive files on the server.

Affected Version(s)

Sterling External Authentication Server 6.0.3.0

Sterling External Authentication Server 6.0.2.0

Sterling External Authentication Server 3.4.3.2

References

https://www.ibm.com/support/pages/node/6558928

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/220144

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2022
Vulnerability Reserved
Jan 3, 2022