CVE-2024-28767

IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7179558

Configurations

No configuration.

History

20 Dec 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-20 14:15

Updated : 2024-12-20 14:15

NVD link : CVE-2024-28767

Mitre link : CVE-2024-28767

CVE.ORG link : CVE-2024-28767

JSON object : View

Products Affected

No product.

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

6.8 /10