Unauthorized Cookie Exposure in IBM Security Directory Integrator
CVE-2024-28771

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Security Directory Integrator; Security Verify Directory Integrator
Vendor: CVE Published:; 27 January 2025

What is CVE-2024-28771?

IBM Security Directory Integrator and IBM Security Verify Directory Integrator are vulnerable due to improper management of authorization tokens and session cookies. Specifically, the secure attribute is not set, which allows attackers to exploit this weakness. By crafting malicious links and disseminating them to unsuspecting users, attackers can potentially intercept cookie values through unsecured connections. This vulnerability can lead to session hijacking, where unauthorized individuals gain access to sensitive user data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Security Directory Integrator 7.2.0

Security Verify Directory Integrator 10.0.0

References

https://www.ibm.com/support/pages/node/7161444

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2025

JSON

IBM