Cyber Posture

CVE-2024-28766

Low

Published: 27 January 2025

Modified: 14 July 2025
KEV Added:
Patch:
CVSS Score: 2.4 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.0009 (26.0th percentile)
Risk Priority: 5 (60% EPSS · 20% KEV · 20% CVSS)

Description

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system.

Security Summary

CVE-2024-28766 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0, where the software could disclose sensitive information about directory contents. This information exposure vulnerability, mapped to CWE-548, carries a CVSS v3.1 base score of 2.4 (AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) and was published on 2025-01-27.

Attackers with high privileges (PR:H) on an adjacent network (AV:A) can exploit this with low complexity (AC:L) and no user interaction (UI:N). Successful exploitation enables low-impact confidentiality disclosure (C:L) of directory contents, which could aid in further attacks against the system, without affecting integrity or availability.

IBM provides details on the vulnerability and mitigation in its security advisory at https://www.ibm.com/support/pages/node/7161444.

Details

CWE(s)
CWE-548

Affected Products

Vendor: ibm, Product: security directory integrator, Version: 7.2.0
Vendor: ibm, Product: security verify directory integrator, Version: 10.0.0
