IBM Security Verify Directory Vulnerability Could Lead to Sensitive Information Disclosure
CVE-2022-32756

2.7LOW

Key Information:

Vendor: IBM
Status: Security Verify Directory
Vendor: CVE Published:; 22 March 2024

Summary

A vulnerability exists in IBM Security Verify Directory 10.0.0, enabling remote attackers to exploit detailed technical error messages returned by the application. These messages may inadvertently expose sensitive information that can be leveraged for subsequent attacks against the affected system. Proper handling of error messages is essential to mitigate risks associated with this vulnerability, as attackers can utilize the leaked information to plan and execute further compromise of the system.

Affected Version(s)

Security Verify Directory 10.0.0

References

https://www.ibm.com/support/pages/node/7145001

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/228507

vdb-entry

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 22, 2024
Vulnerability Reserved
Jun 9, 2022