CVE-2022-33167

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 228587.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_directory_integrator:10.0.0:*:*:*:*:*:*:*

History

13 Aug 2024, 14:29

Type Values Removed Values Added
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/228587 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/228587 - VDB Entry, Vendor Advisory
References () https://www.ibm.com/support/pages/node/7161469 - () https://www.ibm.com/support/pages/node/7161469 - Vendor Advisory
CPE cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_directory_integrator:10.0.0:*:*:*:*:*:*:*
CWE CWE-732
First Time Ibm security Verify Directory Integrator
Ibm
Ibm security Directory Integrator
CVSS v2 : unknown
v3 : 3.7
v2 : unknown
v3 : 7.5

31 Jul 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) IBM Security Directory Integrator 7.2.0 e IBM Security Verify Directory Integrator 10.0.0 podrían permitir a un atacante remoto obtener información confidencial, causada por el fallo al establecer el indicador HTTPOnly. Un atacante remoto podría aprovechar esta vulnerabilidad para obtener información confidencial de la cookie. ID de IBM X-Force: 228587.

30 Jul 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-30 17:15

Updated : 2024-08-13 14:29


NVD link : CVE-2022-33167

Mitre link : CVE-2022-33167

CVE.ORG link : CVE-2022-33167


JSON object : View

Products Affected

ibm

  • security_directory_integrator
  • security_verify_directory_integrator
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource

CWE-1004

Sensitive Cookie Without 'HttpOnly' Flag