Buffer overflow in Security Directory Integrator and Security Verify Directory Integrator - CVE-2022-33162
Published: December 11, 2024
Vulnerability identifier: #VU101626
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-33162
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
Security Directory Integrator
Security Verify Directory Integrator
Security Directory Integrator
Security Verify Directory Integrator
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to application does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. A remote attacker can create a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.
How to mitigate CVE-2022-33162
Install updates from vendor's website.