Sensitive Data Disclosure in IBM Security Directory Integrator 7.2.0
CVE-2024-28766 Published on January 27, 2025

IBM Security Directory Integrator information disclosure
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system.

NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
LOW
Privileges Required:
HIGH
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

Exposure of Information Through Directory Listing

A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers. A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible.


Products Associated with CVE-2024-28766

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-28766 are published in these products:

IBM Security Directory Integrator
 
IBM Security Verify Directory Integrator
 

Affected Versions

IBM Security Directory Integrator: IBM Security Verify Directory Integrator:

Exploit Probability

EPSS
0.16%
Percentile
36.16%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.