History: Jul 24, 2024 - 7:48 p.m.

Security Bulletin: IBM Security Directory Integrator vulnerable to sensitive data exposure (CVE-2022-33167)

2024-07-24 19:48:01
www.ibm.com

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 5.7
Confidence: High

EPSS: 0.001
Percentile: 32.5%

Summary

A security vulnerability discovered in IBM Security Directory Integrator, which could disclose sensitive information, has affected IBM Security Directory Server. The issue was addressed in an update.

Vulnerability Details

CVEID: CVE-2022-33167
**DESCRIPTION:** IBM Security Directory Server could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228587 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
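
A check a defender can run against captured response headers after applying the fix, as an added example that is not part of IBM's bulletin: it parses `Set-Cookie` values and reports cookies that lack the HttpOnly attribute. The bulletin does not name the affected cookie, so the cookie names and header values below are constructed sample data.

```python
# Added example: audit Set-Cookie headers for the HttpOnly attribute.
# Header values are constructed samples, not output from the product.


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie_name, attributes).

    Attribute names are case-insensitive, so they are lower-cased here.
    Only the text after the first ';' is treated as attributes, which keeps
    a cookie *value* that happens to contain "httponly" from matching.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def cookies_missing_httponly(set_cookie_headers):
    """Return the names of cookies whose header lacks HttpOnly.

    Pass one list item per Set-Cookie header. Do not split a comma-joined
    header string: Expires dates contain commas.
    """
    missing = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name and "httponly" not in attrs:
            missing.append(name)
    return missing


# Constructed sample headers, one per cookie.
SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; Secure",                      # HttpOnly absent
    "auth_token=xyz; Path=/; Secure; HttpOnly",               # correctly flagged
    "prefs=httponly-demo; Expires=Wed, 21 Oct 2026 07:28:00 GMT",  # word only in value
    "csrf=t0k3n; path=/; httponly; SameSite=Strict",          # lower-case attribute
]

if __name__ == "__main__":
    for cookie in cookies_missing_httponly(SAMPLE_HEADERS):
        print(f"{cookie}: HttpOnly not set, cookie is readable from script")
```
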

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Security Directory Integrator | 7.2.0 |
| IBM Security Verify Directory Integrator | 10.0.0 |

Remediation/Fixes

IBM strongly recommends that customers update to the latest versions of software.

IBM Security Directory Integrator 10.0.0 Container images can be found in the documentation here.

https://www.ibm.com/docs/en/svdi/10.0.0?topic=containers-images

| Principal Product and Versions | Fix Availability |
|---|---|
| IBM Security Directory Integrator 7.2.0 | 7.2.0-ISS-SDI-FP0009 |
| IBM Security Directory Integrator 10.0.0 | ibm-svdi-10.0.0.1 |

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm security_directory_integrator Match 7.2.0 OR ibm security_directory_integrator Match 10.0.0

| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | security_directory_integrator | 7.2.0 | `cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*` |
| ibm | security_directory_integrator | 10.0.0 | `cpe:2.3:a:ibm:security_directory_integrator:10.0.0:*:*:*:*:*:*:*` |
