CVE-2022-33167

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 228587.
References
Configurations

Configuration 1

OR cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_directory_integrator:10.0.0:*:*:*:*:*:*:*

History

13 Aug 2024, 14:29

Type | Values Removed | Values Added
CVSS | v2 : unknown, v3 : 3.7 | v2 : unknown, v3 : 7.5
First Time | | Ibm security Verify Directory Integrator, Ibm security Directory Integrator, Ibm
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/228587 - | () https://exchange.xforce.ibmcloud.com/vulnerabilities/228587 - VDB Entry, Vendor Advisory
References | () https://www.ibm.com/support/pages/node/7161469 - | () https://www.ibm.com/support/pages/node/7161469 - Vendor Advisory
CPE | | cpe:2.3:a:ibm:security_verify_directory_integrator:10.0.0:*:*:*:*:*:*:*, cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*
CWE | | CWE-732

31 Jul 2024, 12:57

Type | Values Removed | Values Added
Summary | | (es) IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 228587.

30 Jul 2024, 17:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-07-30 17:15

Updated : 2024-08-13 14:29


NVD link : CVE-2022-33167

Mitre link : CVE-2022-33167

CVE.ORG link : CVE-2022-33167


Products Affected

ibm

  • security_verify_directory_integrator
  • security_directory_integrator
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource

CWE-1004

Sensitive Cookie Without 'HttpOnly' Flag