admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2022/22xxx/CVE-2022-22349.json
CVE Team 1dcf64e35e
"-Synchronized-Data."
2022-02-24 18:01:20 +00:00

96 lines
3.1 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"DATE_PUBLIC": "2022-02-23T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2022-22349",
"STATE": "PUBLIC"
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6558928",
"title": "IBM Security Bulletin 6558928 (Sterling External Authentication Server)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6558928"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220144",
"name": "ibm-spectrum-cve202222349-path-traversal (220144)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"description": {
"description_data": [
{
"value": "IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144.",
"lang": "eng"
}
]
},
"data_version": "4.0",
"data_format": "MITRE",
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Sterling External Authentication Server",
"version": {
"version_data": [
{
"version_value": "6.0.3.0"
},
{
"version_value": "6.0.2.0"
},
{
"version_value": "3.4.3.2"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"I": "L",
"PR": "L",
"AC": "L",
"A": "N",
"AV": "N",
"C": "N",
"S": "U",
"UI": "N",
"SCORE": "4.300"
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink