Improper access control in IBM InfoSphere Information Server - CVE-2022-22373

 

Improper access control in IBM InfoSphere Information Server - CVE-2022-22373

Published: July 5, 2022


Vulnerability identifier: #VU64916
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-22373
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software:
IBM InfoSphere Information Server

Detailed vulnerability description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the possible creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces. A remote user can bypass implemented security restrictions and gain unauthorized access to the application.


How to mitigate CVE-2022-22373

Install updates from vendor's website.

Sources