CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
Security Vulnerabilities discovered in Web Admin Tool provided by IBM Security Verify Directory products have been resolved.
CVEID:CVE-2022-32753
**DESCRIPTION:**IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444.
CVSS Base score: 4.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228444 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2022-32756
**DESCRIPTION:**IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 228507.
CVSS Base score: 2.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228507 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Security Verify Directory | 10.0 |
IBM Security Directory Server | 6.4.0 |
IBM strongly recommends that customers update their products at the earliest convenience.
> IBM Security Verify Directory Web Administration Tool Container 10.0.1.0 or later:
>
>
docker pull icr.io/isvd/verify-directory-webadmin:latest
Affected Products and Versions | Fix Availability |
---|---|
IBM Security Directory Server 6.4.0 | interim fix: 6.4.0.28-ISS-ISDS-IF0028 |
IBM Security Verify Dirctory 10.0.1 or later | Recommended Fixes for IBM Security Verify Directory |
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | security_verify_directory | 10.0.0 | cpe:2.3:a:ibm:security_verify_directory:10.0.0:*:*:*:*:*:*:* |
ibm | security_directory_server | 6.4.0 | cpe:2.3:a:ibm:security_directory_server:6.4.0:*:*:*:*:*:*:* |
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low