Insufficient Session Expiration Could Lead to Sensitive Information Theft
CVE-2022-32759

7.5HIGH

Key Information:

Vendor: IBM
Status: Security Directory Integrator; Security Verify Directory Integrator
Vendor: CVE Published:; 25 July 2024

Summary

The vulnerability affects IBM Security Directory Integrator and IBM Security Verify Directory Integrator due to insufficient session expiration mechanisms. This flaw can potentially enable unauthorized users to gain access to sensitive information, compromising the integrity of the system. Organizations utilizing these products should review their session management practices to mitigate the risk associated with this vulnerability.

Affected Version(s)

Security Directory Integrator 7.2.0

Security Verify Directory Integrator 10.0.0

References

https://www.ibm.com/support/pages/node/7161446

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/228565

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 25, 2024
Vulnerability Reserved
Jun 9, 2022

Credit

John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Vince Dragnea, Troy Fisher, Gabor Minyo, Geoffrey Owden, Ben Goodspeed