7.5
CVE-2022-22336
- EPSS 1.97%
- Veröffentlicht 23.02.2022 20:15:09
- Zuletzt bearbeitet 21.11.2024 06:46:39
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Sterling External Authentication Server Version3.4.3.2
Ibm ≫ Sterling External Authentication Server Version6.0.2.0
Ibm ≫ Sterling External Authentication Server Version6.0.3.0
Ibm ≫ Sterling Secure Proxy Version3.4.3.2
Ibm ≫ Sterling Secure Proxy Version6.0.2
Ibm ≫ Sterling Secure Proxy Version6.0.3.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.97% | 0.778 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| psirt@us.ibm.com | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://www.ibm.com/support/pages/node/6558796
https://exchange.xforce.ibmcloud.com/vulnerabilities/219395