IBM345A8F8AB6A17E5C3EEB013CA6E1A1130E84F01E84BA3CDE19BE490107A08357Security Bulletin: IBM Security Verify Directory products are vulnerable to CVE-2022-32751
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
6.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
13.3%
Summary
A Security Vulnerability discovered by the IBM Ethical Hacking team has been fixed in IBM Security Directory products.
Vulnerability Details
CVEID:CVE-2022-32751
**DESCRIPTION:**IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228437 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Security Verify Directory | 10.0.0.0 - 10.0.0.1 |
| IBM Security Directory Server | 6.4.0.0 - 6.4.0.27 |
Remediation/Fixes
IBM strongly recommends that customers update their products at the earliest convenience.
IBM Security Verify Directory Container 10.0.1.0 or later:
docker pull icr.io/isvd/verify-directory-server:latest
docker pull icr.io/isvd/verify-directory-proxy:latest
docker pull icr.io/isvd/verify-directory-seed:latest
| Affected Products and Versions | Fix Availability |
|---|---|
| IBM Security Directory Server 6.4.0 | interim fix: 6.4.0.28-ISS-ISDS-IF0028 |
Workarounds and Mitigations
None
Affected configurations
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
6.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
13.3%