CVE-2022-22349
MEDIUM
IBM Sterling External Authentication Server <6.0.3.0 - Path Traversal
Title source: llm
Description
IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating REST API configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144.
References (2)
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6558928
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/220144
Scores
CVSS v3
4.3
EPSS
0.0038
EPSS Percentile
59.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-22
Status
published
Products (3)
ibm/sterling_external_authentication_server
3.4.3.2
ibm/sterling_external_authentication_server
6.0.2.0
ibm/sterling_external_authentication_server
6.0.3.0
Published
Feb 24, 2022
Tracked Since
Feb 18, 2026