History: Jul 24, 2024 - 3:52 p.m.

Security Bulletin: Security Vulnerability fixed in IBM Security Directory Integrator (CVE-2022-32754, CVE-2024-28772)

2024-07-24 15:52:51
www.ibm.com
Tags: ibm security directory integrator, vulnerability, cross-site scripting, cve-2022-32754, cve-2024-28772, ibm security directory server, update, containers images

CVSS3: 6.8
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score: 5.8
Confidence: High

EPSS: 0
Percentile: 15.5%

Summary

The IBM Security Directory Integrator product is vulnerable to cross-site scripting, which affects the IBM Security Directory Server.

Vulnerability Details

CVEID: CVE-2022-32754
**DESCRIPTION:** IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228445.
CVSS Base score: 4.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/228445 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2024-28772
**DESCRIPTION:** IBM Security Directory Integrator is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/285645 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
—|—
IBM Security Verify Directory Integrator | 10.0.0
IBM Security Directory Integrator | 7.2.0

Remediation/Fixes

IBM strongly recommends that customers update to the latest versions of software.

IBM Security Directory Integrator 10.0.0 container images can be found in the documentation: https://www.ibm.com/docs/en/svdi/10.0.0?topic=containers-images

Principal Product and Versions | Fix Availability
—|—
IBM Security Directory Integrator 7.2.0 | 7.2.0-ISS-SDI-FP0012
IBM Security Verify Directory Integrator 10.0.0 | ibm-svdi-10.0.0.1

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm security_directory_integrator Match 7.2.0 OR ibm security_directory_integrator Match 10.0.0

Vendor | Product | Version | CPE
—|—|—|—
ibm | security_directory_integrator | 7.2.0 | cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*
ibm | security_directory_integrator | 10.0.0 | cpe:2.3:a:ibm:security_directory_integrator:10.0.0:*:*:*:*:*:*:*
