IBM Security Products Vulnerable to Stored Cross-Site Scripting

CVE-2024-28772

5.4MEDIUM

Key Information

Vendor: IBM
Status: Security Directory Integrator; Security Verify Directory Integrator
Vendor: CVE Published:; 25 July 2024

Summary

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645.

Affected Version(s)

Security Directory Integrator = 7.2.0

Security Verify Directory Integrator = 10.0.0

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Risk change from: null to: 6.8 - (MEDIUM)
Jul 26, 2024
Vulnerability published.
Jul 25, 2024

Collectors

NVD DatabaseMitre Database

Credit

John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Vince Dragnea, Troy Fisher, Gabor Minyo, Geoffrey Owden, Ben Goodspeed