Sensitive Data Disclosure in IBM Security Directory Integrator 7.2.0
CVE-2024-28766 Published on January 27, 2025
IBM Security Directory Integrator information disclosure
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system.
Vulnerability Analysis
Weakness Type
Exposure of Information Through Directory Listing
A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers. A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible.
Products Associated with CVE-2024-28766
stack.watch emails you whenever new vulnerabilities are published in IBM Security Directory Integrator or IBM Security Verify Directory Integrator. Just hit a watch button to start following.
Affected Versions
IBM Security Directory Integrator:- Version 7.2.0 is affected.
- Version 10.0.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.