Insufficient Session Expiration Could Lead to Sensitive Information Theft
CVE-2022-32759
7.5HIGH
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 25 July 2024
Summary
The vulnerability affects IBM Security Directory Integrator and IBM Security Verify Directory Integrator due to insufficient session expiration mechanisms. This flaw can potentially enable unauthorized users to gain access to sensitive information, compromising the integrity of the system. Organizations utilizing these products should review their session management practices to mitigate the risk associated with this vulnerability.
Affected Version(s)
Security Directory Integrator 7.2.0
Security Verify Directory Integrator 10.0.0
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Vince Dragnea, Troy Fisher, Gabor Minyo, Geoffrey Owden, Ben Goodspeed