CVE-2022-33167

CWE-1004 CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 75.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Directory Integrator IBM Security Verify Directory Integrator

Timeline

PublishedJul 30

Description

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 228587.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5ibm/security_verify_directory_integrator10.0.0

▶NVDibm/security_verify_directory_integrator10.0.0

▶CVEListV5ibm/security_directory_integrator7.2.0

▶NVDibm/security_directory_integrator7.2.0

🔴Vulnerability Details

CVEList

IBM Security Directory Integrator information disclosure↗2024-07-30

▶

GHSA

GHSA-86w3-pw2m-73fq: IBM Security Directory Integrator 7↗2024-07-30

▶