Insufficient Session Expiration Could Lead to Sensitive Information Theft

CVE-2022-32759

7.5HIGH

Key Information

Vendor: IBM
Status: Security Directory Integrator; Security Verify Directory Integrator
Vendor: CVE Published:; 25 July 2024

Summary

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565.

Affected Version(s)

Security Directory Integrator = 7.2.0

Security Verify Directory Integrator = 10.0.0

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 7.5 to: 5.3 - (MEDIUM)
Aug 3, 2024
Risk change from: 7.5 to: 5.3 - (MEDIUM)
Aug 3, 2024
Vulnerability published.
Jul 25, 2024
Vulnerability Reserved.
Jun 9, 2022

Collectors

NVD DatabaseMitre Database

Credit

John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Vince Dragnea, Troy Fisher, Gabor Minyo, Geoffrey Owden, Ben Goodspeed