History: Jul 25, 2024 - 5:18 p.m.

CVE-2024-28772 IBM Security Directory Integrator cross-site scripting

2024-07-25 17:18:40
CWE-79
ibm
www.cve.org
Tags: ibm, security directory integrator, cross-site scripting, vulnerability, arbitrary javascript, injection, potential, credentials disclosure

CVSS3: 6.8

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS: 0
Percentile: 13.2%

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:security_verify_directory:10.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Security Directory Integrator",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "7.2.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Security Verify Directory Integrator",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.0.0"
      }
    ]
  }
]
