Lucene search

IbmCVELIST:CVE-2022-32759

HistoryJul 25, 2024 - 5:11 p.m.

CVE-2022-32759 IBM Security Directory Server information disclosure

2024-07-2517:11:44

CWE-613

ibm

www.cve.org

ibm

directory server

information disclosure

session expiration

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

31.7%

JSON

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:security_verify_directory:10.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Security Directory Integrator",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "7.2.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Security Verify Directory Integrator",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.0.0"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/228565

www.ibm.com/support/pages/node/7161446

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

31.7%

JSON

Related for CVELIST:CVE-2022-32759