CVE-2024-28767

CWE-78 — OS Command Injection3 documents3 sources

Severity

8.8HIGH

EPSS

0.1%

top 65.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Directory Integrator

Timeline

PublishedDec 20

Description

IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ibm/security_directory_integrator7.2.0 — 7.2.0.13+1

▶NVDibm/security_directory_integrator7.2.0 — 7.2.0.13+1

🔴Vulnerability Details

GHSA

GHSA-2m82-q8pv-p7fx: IBM Security Directory Integrator 7↗2024-12-20

▶

CVEList

IBM Security Directory Integrator command execution↗2024-12-20

▶