CVE-2024-28765 PUBLISHED

Security vulnerability was found in IBM Security Directory Integrator

Assigner: ibm
Reserved: 10.03.2024 Published: 27.05.2026 Updated: 27.05.2026

IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS Score: 5.3

Product Status

Vendor IBM
Product SDI
Versions Default: unaffected
  • affected from 7.2.0.0 to 7.2.0.14 (incl.)
Vendor IBM
Product Security Directory Integrator
Versions Default: unaffected
  • affected from 10.0.0.0 to 10.0.0.2 (incl.)

Solutions

IBM strongly encourages customers to update their systems promptly.

Principal Product and Versions: IBM Security Director Integrator 7.2.0.15
Fix Availability: 7.2.0-ISS-SDI-FP0015 https://www.ibm.com/support/fixcentral/swg/selectFixes

Principal Product and Versions: IBM Security Verify Directory Integrator 10.0.0.3
Fix Availability: IBM-SVDI-10.0.0.3 https://www.ibm.com/support/fixcentral/swg/selectFixes

Problem Types

  • CWE-209 Generation of Error Message Containing Sensitive Information