CVE-2022-32759

CWE-613 — Insufficient Session Expiration3 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 70.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Directory Integrator IBM Security Verify Directory Integrator IBM Security Verify Access

Timeline

PublishedJul 25

Description

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5ibm/security_verify_directory_integrator10.0.0

▶CVEListV5ibm/security_directory_integrator7.2.0

▶NVDibm/security_directory_integrator7.2.0

▶NVDibm/security_verify_access10.0.0

🔴Vulnerability Details

GHSA

GHSA-whqg-8c4f-4gwx: IBM Security Directory Integrator 7↗2024-07-25

▶

CVEList

IBM Security Directory Server information disclosure↗2024-07-25

▶