IBM Security Verify Directory Vulnerable to Cross-Site Scripting
CVE-2022-32754

4.8MEDIUM

Key Information:

Vendor: IBM
Status: Security Verify Directory
Vendor: CVE Published:; 22 March 2024

What is CVE-2022-32754?

The vulnerability in IBM Security Verify Directory version 10.0.0 poses a risk of cross-site scripting, enabling attackers to inject arbitrary JavaScript code into the Web UI. This exploitation potentially alters intended functionalities and could lead to unauthorized access to user credentials within a trusted session. Organizations utilizing this product should take immediate action to mitigate the risks associated with this vulnerability.

Affected Version(s)

Security Verify Directory 10.0.0

References

https://www.ibm.com/support/pages/node/7145001

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/228445

vdb-entry

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 22, 2024
Vulnerability Reserved
Jun 9, 2022