First published: Thu Oct 05 2023
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Security Directory Server | <=6.4.0 | |
IBM Security Directory Suite | <=8.0.1 | |
IBM Security Verify Directory | <=10.0.0 | |
IBM Security Directory Server | =6.4.0.0 | |
IBM Security Directory Suite | =8.0.1 | |
IBM Security Verify Directory | =10.0.0 | |
CVE-2022-32755 is a vulnerability in IBM Security Directory Server that allows for an XML External Entity Injection (XXE) attack.
A remote attacker who exploits CVE-2022-32755 could expose sensitive information or consume memory resources.
CVE-2022-32755 has a severity rating of 5.5, which is considered medium.
IBM Security Directory Server version 6.4.0 is vulnerable to CVE-2022-32755.
To fix CVE-2022-32755, update IBM Security Directory Server to a version that is not affected by the vulnerability.