Information Disclosure Vulnerability in IBM Security Directory Integrator Products
CVE-2024-28766

7.5HIGH

Key Information:

Vendor: IBM
Status: Security Directory Integrator; Security Verify Directory Integrator
Vendor: CVE Published:; 27 January 2025

What is CVE-2024-28766?

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 possess a vulnerability that may allow attackers to obtain sensitive information related to directory contents. This exposure could facilitate further attacks on the system, compromising the integrity and confidentiality of the data. Organizations using these products should assess their systems for potential risks and apply security measures to protect against unauthorized access and data leakage.

Affected Version(s)

Security Directory Integrator 7.2.0

Security Verify Directory Integrator 10.0.0

References

https://www.ibm.com/support/pages/node/7161444

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2025