PT-2024-11579 · Ibm · Ibm Security Verify Directory Integrator+1
Ben Goodspeed
+8
·
Published
2024-07-25
·
Updated
2024-08-02
·
CVE-2022-32759
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Security Directory Integrator version 7.2.0
IBM Security Verify Directory Integrator version 10.0.0
Description
The issue is related to insufficient session expiration, which could allow an unauthorized user to obtain sensitive information.
Recommendations
For IBM Security Directory Integrator version 7.2.0, update to a version that properly implements session expiration to prevent unauthorized access.
For IBM Security Verify Directory Integrator version 10.0.0, update to a version that properly implements session expiration to prevent unauthorized access.
As a temporary workaround, consider implementing additional session monitoring and timeout measures to minimize the risk of exploitation.
Fix
Insufficient Session Expiration
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Security Directory Integrator
Ibm Security Verify Directory Integrator