Lucene search

IbmVULNRICHMENT:CVE-2022-32753

HistoryMar 22, 2024 - 3:26 p.m.

CVE-2022-32753 IBM Security Verify Directory information disclosure

2024-03-2215:26:23

CWE-326

ibm

github.com

ibm security verify directory

weak cryptographic algorithms

information disclosure

CVSS3

4.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444.

CNA Affected

[
  {
    "vendor": "IBM",
    "product": "Security Verify Directory",
    "versions": [
      {
        "status": "affected",
        "version": "10.0.0"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/228444

www.ibm.com/support/pages/node/7145001

CVSS3

4.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2022-32753