Aug 27, 2024 - 9:27 p.m.

Security Bulletin: Security Vulnerabilities discovered in IBM Security Verify Directory (CVE-2022-32753, CVE-2022-32756, CVE-2022-32754)

2024-08-27 21:27:56
www.ibm.com

CVSS3: 6.5

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.6
Confidence: Low

Summary

Security Vulnerabilities discovered in Web Admin Tool provided by IBM Security Verify Directory products have been resolved.

Vulnerability Details

CVEID: CVE-2022-32753
**DESCRIPTION:** IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444.
CVSS Base score: 4.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228444 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2022-32756
**DESCRIPTION:** IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 228507.
CVSS Base score: 2.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228507 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Security Verify Directory | 10.0 |
| IBM Security Directory Server | 6.4.0 |

Remediation/Fixes

IBM strongly recommends that customers update their products at the earliest convenience.

> IBM Security Verify Directory Web Administration Tool Container 10.0.1.0 or later:
>
>     docker pull icr.io/isvd/verify-directory-webadmin:latest

Affected Products and Versions Fix Availability
IBM Security Directory Server 6.4.0 interim fix: 6.4.0.28-ISS-ISDS-IF0028
IBM Security Verify Directory 10.0.1 or later Recommended Fixes for IBM Security Verify Directory

Workarounds and Mitigations

None

Affected configurations

Node: ibm security_verify_directory (match 10.0.0) OR ibm security_directory_server (match 6.4.0)

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | security_verify_directory | 10.0.0 | cpe:2.3:a:ibm:security_verify_directory:10.0.0:*:*:*:*:*:*:* |
| ibm | security_directory_server | 6.4.0 | cpe:2.3:a:ibm:security_directory_server:6.4.0:*:*:*:*:*:*:* |
