IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 228587.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/228587 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/7161469 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
13 Aug 2024, 14:29
Type | Values Removed | Values Added |
---|---|---|
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/228587 - VDB Entry, Vendor Advisory | |
References | () https://www.ibm.com/support/pages/node/7161469 - Vendor Advisory | |
CPE | cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_directory_integrator:10.0.0:*:*:*:*:*:*:* |
|
CWE | CWE-732 | |
First Time |
Ibm security Verify Directory Integrator
Ibm Ibm security Directory Integrator |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
31 Jul 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
30 Jul 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-30 17:15
Updated : 2024-08-13 14:29
NVD link : CVE-2022-33167
Mitre link : CVE-2022-33167
CVE.ORG link : CVE-2022-33167
JSON object : View
Products Affected
ibm
- security_directory_integrator
- security_verify_directory_integrator