Remote Info Disclosure in IBM SDI 7.2.0.07.2.0.14 & 10.0.0.010.0.0.2
CVE-2024-28765 Published on May 27, 2026

Security vulnerability was found in IBM Security Directory Integrator
IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2024-28765 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

Generation of Error Message Containing Sensitive Information

The software generates an error message that includes sensitive information about its environment, users, or associated data.


Products Associated with CVE-2024-28765

stack.watch emails you whenever new vulnerabilities are published in IBM Sdi or IBM Security Directory Integrator. Just hit a watch button to start following.

IBM Sdi
 
IBM Security Directory Integrator
 

Affected Versions

IBM SDI: IBM Security Directory Integrator: