Information Disclosure Vulnerability in IBM Security Directory Integrator Products
CVE-2024-28766

2.4LOW

Key Information:

Vendor: IBM
Status: Security Directory Integrator; Security Verify Directory Integrator
Vendor: CVE Published:; 27 January 2025

Summary

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 possess a vulnerability that may allow attackers to obtain sensitive information related to directory contents. This exposure could facilitate further attacks on the system, compromising the integrity and confidentiality of the data. Organizations using these products should assess their systems for potential risks and apply security measures to protect against unauthorized access and data leakage.

Affected Version(s)

Security Directory Integrator 7.2.0

Security Verify Directory Integrator 10.0.0

References

https://www.ibm.com/support/pages/node/7161444

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2025