Remote Command Execution Vulnerability in IBM Security Directory Integrator
CVE-2024-28767

8.8HIGH

Key Information:

Vendor: IBM
Status: Security Directory Integrator
Vendor: CVE Published:; 20 December 2024

What is CVE-2024-28767?

CVE-2024-28767 is a critical vulnerability affecting IBM Security Directory Integrator versions 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3. This vulnerability allows a remote authenticated attacker to execute arbitrary commands on the affected system by sending specially crafted requests. Organizations using these versions are strongly advised to update their systems promptly to mitigate the risks associated with this security flaw.

References

https://www.ibm.com/support/pages/node/7179558

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2024