SB2022042617 - Denial of service in IBM Security Verify Password Synchronization Plug-in for Windows AD

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022042617

SB2022042617 - Denial of service in IBM Security Verify Password Synchronization Plug-in for Windows AD

Published: April 26, 2022

Security Bulletin ID SB2022042617
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Adjecent network
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 vulnerabilities.


1) Heap-based buffer overflow (CVE-ID: CVE-2022-22323)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error. A remote user can pass specially crafted data to the application, trigger heap-based buffer overflow and perform a denial of service (DoS) attack.


2) Heap-based buffer overflow (CVE-ID: CVE-2022-22312)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error. A remote user can pass specially crafted data to the application, trigger heap-based buffer overflow and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References