Insufficient Session Expiration Could Lead to Sensitive Information Theft
CVE-2022-32759

7.5HIGH

Key Information:

Summary

The vulnerability affects IBM Security Directory Integrator and IBM Security Verify Directory Integrator due to insufficient session expiration mechanisms. This flaw can potentially enable unauthorized users to gain access to sensitive information, compromising the integrity of the system. Organizations utilizing these products should review their session management practices to mitigate the risk associated with this vulnerability.

Affected Version(s)

Security Directory Integrator 7.2.0

Security Verify Directory Integrator 10.0.0

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Vince Dragnea, Troy Fisher, Gabor Minyo, Geoffrey Owden, Ben Goodspeed
.