CVE-2024-28765
Analyzed - Analysis Complete
IBM Security Directory Integrator Information Disclosure Vulnerability

Publication date: 2026-05-27

Last updated on: 2026-06-03

Assigner: IBM Corporation

Description
IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Meta Information
Published: 2026-05-27
Last Modified: 2026-06-03
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor | Product | Version / Range
ibm | security_directory_integrator | From 10.0.0 (inclusive) to 10.0.0.3 (exclusive)
ibm | security_directory_integrator | From 7.2.0 (inclusive) to 7.2.0.15 (exclusive)
CWE ID | Description
CWE-209 | The product generates an error message that includes sensitive information about its environment, users, or associated data.
Executive Summary

This vulnerability (CVE-2024-28765) affects IBM Security Directory Integrator (SDI) versions 7.2.0.0 through 7.2.0.14 and 10.0.0.0 through 10.0.0.2. It allows a remote attacker to obtain sensitive information because detailed technical error messages are returned in the browser.

These detailed error messages can expose sensitive information that could be used by attackers to launch further attacks against the system.

The vulnerability is classified under CWE-209, which relates to the generation of error messages containing sensitive information.

Impact Analysis

The vulnerability exposes sensitive information to remote attackers through detailed error messages returned in the browser.

This exposed information can be exploited to conduct further attacks against your system, potentially compromising its security.

Since the vulnerability has a CVSS base score of 5.3, it is considered medium severity, meaning it poses a moderate risk depending on your environment.

Mitigation Strategies

IBM strongly advises customers to update their systems promptly to the fixed versions: SDI 7.2.0.15 or IBM Security Verify Directory Integrator 10.0.0.3.

No workarounds or mitigations are currently available.

Customers are encouraged to subscribe to IBM's notification service to stay informed about future security bulletins.

Compliance Impact

The vulnerability allows a remote attacker to obtain sensitive information through detailed technical error messages displayed in the browser. Exposure of sensitive information can potentially lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require the protection of personal and sensitive data from unauthorized access.

Since the vulnerability involves information disclosure classified under CWE-209, it may increase the risk of further attacks that could compromise confidentiality, thereby impacting compliance with standards that mandate safeguarding sensitive information.

IBM recommends updating promptly to the fixed versions. Because no workarounds or mitigations are currently available, timely patching is important for maintaining compliance.
