Vulnerabilities > CVE-2022-22323 - Out-of-bounds Write vulnerability in IBM Security Verify Password Synchronization

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

ibm

CWE-787

NVD

Published: 2022-04-27

Updated: 2022-05-05

Summary

IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Security Verify Password Synchronization *	1
Application	Microsoft Microsoft Active Directory -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/218379
https://www.ibm.com/support/pages/node/6574671