PT-2024-11581 · Ibm · Ibm Security Verify Directory Integrator+1

Ben Goodspeed

Published

2024-07-30

Updated

2024-08-13

CVE-2022-33167

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Security Directory Integrator version 7.2.0 IBM Security Verify Directory Integrator version 10.0.0

Description The issue is caused by the failure to set the HTTPOnly flag, allowing a remote attacker to obtain sensitive information from the cookie. A remote attacker could exploit this to obtain sensitive information.

Recommendations For IBM Security Directory Integrator version 7.2.0, upgrade the affected component immediately to mitigate the risk. For IBM Security Verify Directory Integrator version 10.0.0, upgrade the affected component immediately to mitigate the risk.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732CWE-1004

Related Identifiers

CVE-2022-33167

Affected Products

Ibm Security Directory Integrator

Ibm Security Verify Directory Integrator

PT-2024-11581 · Ibm · Ibm Security Verify Directory Integrator+1

CVE-2022-33167

Weakness Enumeration

Related Identifiers

Affected Products

References · 9