IBM Security Directory Suite VA file upload
CVE-2022-33166

7.2HIGH

Key Information:

Vendor: IBM
Status: Security Directory Suite Va
Vendor: CVE Published:; 15 June 2023

Summary

A file upload vulnerability in IBM Security Directory Suite versions 8.0.1 through 8.0.1.19 allows a privileged user to upload potentially dangerous files, which may be automatically processed in the product's environment. This issue can lead to unauthorized access or manipulation of sensitive data within IBM's systems, highlighting the need for stringent file upload controls and monitoring.

Affected Version(s)

Security Directory Suite VA 8.0.1 <= 8.0.1.19

References

https://www.ibm.com/support/pages/node/7001693

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/228586

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 15, 2023
Vulnerability Reserved
Jun 13, 2022