Improper access control in IBM InfoSphere Information Server - CVE-2022-22373

 


Published: July 5, 2022


Vulnerability identifier: #VU64916
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-22373
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: IBM InfoSphere Information Server
Software vendor: IBM Corporation

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists because directories and files may be created on the server file system that can contain non-sensitive debugging information, such as stack traces. A remote user can bypass implemented security restrictions and gain unauthorized access to the application.


Remediation

Install updates from the vendor's website.

External links