Mar 22, 2024 - 3:43 p.m.

Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Verify Directory Container (CVE-2022-32753, CVE-2022-32756, CVE-2022-32751, CVE-2022-32754)

www.ibm.com

CVSS3: 6.5 Medium
Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 5.5 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 15.7%)

Summary

Multiple Vulnerabilities found by the IBM Ethical Hacking team have been fixed in IBM Verify Directory Container.

Vulnerability Details

CVEID: CVE-2022-32753
**DESCRIPTION:** IBM Security Directory Server uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Base score: 4.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228444 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2022-32756
**DESCRIPTION:** IBM Security Directory Server could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Base score: 2.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228507 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2022-32751
**DESCRIPTION:** IBM Security Directory Server could disclose sensitive server information that could be used in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228437 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2022-32754
**DESCRIPTION:** IBM Security Directory Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228445 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Security Verify Directory | 10.0.0 |

Remediation/Fixes

IBM strongly recommends that customers update their products at the earliest convenience.

IBM Security Verify Directory Container:

docker pull icr.io/isvd/verify-directory-server:10.0.0.0 latest

docker pull icr.io/isvd/verify-directory-proxy:10.0.0.0 latest

docker pull icr.io/isvd/verify-directory-seed:10.0.0.0 latest

Workarounds and Mitigations

None

Affected configurations

Vulners node:
ibm security_verify_directory Match 10.0.0
OR
ibm security_verify_directory Match 10.0.1
