CVE-2024-28772

Name of the Vulnerable Software and Affected Versions: IBM Security Directory Integrator version 7.2.0 IBM Security Verify Directory Integrator version 10.0.0

Description: The issue is related to stored cross-site scripting in the web interface of the affected software, allowing users to embed arbitrary JavaScript code in the Web UI. This could alter the intended functionality and potentially lead to credentials disclosure within a trusted session. The vulnerability can be exploited by a remote attacker to execute arbitrary JavaScript code and disclose protected information.

Recommendations: For IBM Security Directory Integrator version 7.2.0, update to a version that includes the fix for this issue. For IBM Security Verify Directory Integrator version 10.0.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Web UI to minimize the risk of exploitation.