IBM Security Directory Integrator 7.2.0/10.0.0 Insufficient Session Expiration
CVE-2022-32759 Published on July 25, 2024
IBM Security Directory Server information disclosure
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565.
Vulnerability Analysis
CVE-2022-32759 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
Products Associated with CVE-2022-32759
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-32759 are published in these products:
Affected Versions
IBM Security Directory Integrator:- Version 7.2.0 is affected.
- Version 10.0.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.