Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM8AA89FF2B23ABB1373AD5537B7BF6A0DB7F929F423BA5472F71900DEA6A264EE
HistoryJul 24, 2024 - 3:50 p.m.

Security Bulletin: Security Vulnerability fixed in IBM Security Directory Integrator (CVE-2022-32759)

2024-07-2415:50:32
www.ibm.com
11
ibm security directory integrator
security vulnerability
session expiration
ibm security directory server
update
ibm security verify directory integrator
fix available

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

31.7%

JSON

Summary

The IBM Security Directory Integrator product uses insufficient session expiration which affects the IBM Security Directory Server. The issue has been addressed in an update.

Vulnerability Details

CVEID:CVE-2022-32759
**DESCRIPTION:**IBM Security Directory Server uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228565 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security Directory Integrator 7.2.0
IBM Security Verify Directory Integrator 10.0.0

Remediation/Fixes

IBM Strongly recommends that customers update to the latest versions of software.

IBM Security Directory Integrator 10.0.0 Container images can be found in the documentation here.

https://www.ibm.com/docs/en/svdi/10.0.0?topic=containers-images

Principal Product and Versions

|

Fix Availability

—|—

IBM Security Director Integrator 7.2.0

|

7.2.0-ISS-SDI-FP0012

IBM Security Verify Directory Integrator 10.0.0

|

ibm-svdi-10.0.0.1

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmsecurity_directory_integratorMatch7.2.0
OR
ibmsecurity_directory_integratorMatch10.0.0
VendorProductVersionCPE
ibmsecurity_directory_integrator7.2.0cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*
ibmsecurity_directory_integrator10.0.0cpe:2.3:a:ibm:security_directory_integrator:10.0.0:*:*:*:*:*:*:*

Related

nvd 1
cvelist 1
cve 1
vulnrichment 1
nvd
nvd
CVE-2022-32759
2024-07-25 18:15:02
cvelist
cvelist
CVE-2022-32759 IBM Security Directory Server information disclosure
2024-07-25 17:11:44
cve
cve
CVE-2022-32759
2024-07-25 18:15:02
vulnrichment
vulnrichment
CVE-2022-32759 IBM Security Directory Server information disclosure
2024-07-25 17:11:44

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

31.7%

JSON
Related for 8AA89FF2B23ABB1373AD5537B7BF6A0DB7F929F423BA5472F71900DEA6A264EE
nvd1cvelist1cve1vulnrichment1