IBM Security Directory Server information disclosure
CVE-2022-33161

5.3MEDIUM

Key Information:

Vendor

IBM
Status
Security Directory Server
Vendor
CVE Published:
14 October 2023

What is CVE-2022-33161?

IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569.

Affected Version(s)

Security Directory Server 6.4.0

References

https://www.ibm.com/support/pages/node/7047116
vendor-advisory
https://www.ibm.com/support/pages/node/7047428
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/228569
vdb-entry

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.