CVE-2022-33167

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-33167
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 228587.

3.7 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/228587 VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7161469 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/228587 VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7161469 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_directory_integrator:10.0.0:*:*:*:*:*:*:*
History

21 Nov 2024, 07:07

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5 		v2 : unknown
v3 : 3.7
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/228587 - VDB Entry, Vendor Advisory () https://exchange.xforce.ibmcloud.com/vulnerabilities/228587 - VDB Entry, Vendor Advisory
References () https://www.ibm.com/support/pages/node/7161469 - Vendor Advisory () https://www.ibm.com/support/pages/node/7161469 - Vendor Advisory

13 Aug 2024, 14:29

Type Values Removed Values Added
First Time Ibm
Ibm security Verify Directory Integrator
Ibm security Directory Integrator
CPE cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_directory_integrator:10.0.0:*:*:*:*:*:*:*
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/228587 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/228587 - VDB Entry, Vendor Advisory
References () https://www.ibm.com/support/pages/node/7161469 - () https://www.ibm.com/support/pages/node/7161469 - Vendor Advisory
CWE CWE-732
CVSS v2 : unknown
v3 : 3.7 		v2 : unknown
v3 : 7.5

31 Jul 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) IBM Security Directory Integrator 7.2.0 e IBM Security Verify Directory Integrator 10.0.0 podrían permitir a un atacante remoto obtener información confidencial, causada por el fallo al establecer el indicador HTTPOnly. Un atacante remoto podría aprovechar esta vulnerabilidad para obtener información confidencial de la cookie. ID de IBM X-Force: 228587.

30 Jul 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-30 17:15

Updated : 2024-11-21 07:07

NVD link : CVE-2022-33167

Mitre link : CVE-2022-33167

CVE.ORG link : CVE-2022-33167

JSON object : View

Products Affected

ibm

  • security_directory_integrator
  • security_verify_directory_integrator
CWE
CWE-1004

Sensitive Cookie Without 'HttpOnly' Flag

CWE-732

Incorrect Permission Assignment for Critical Resource