Description
IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Published: 2026-05-27
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A remote attacker can obtain sensitive data by triggering detailed technical error messages that the application returns in the browser. These error responses expose internal details such as stack traces or configuration information, which can be leveraged in subsequent attacks against the system. This weakness is a classic example of CWE‑209, where error handling inadvertently reveals confidential information.

Affected Systems

The affected products are IBM Security Directory Integrator versions 7.2.0.0 through 7.2.0.14 and IBM Security Verify Directory Integrator versions 10.0.0.0 through 10.0.0.2. Organizations running any of these releases remain exposed until the fix is applied.

Risk and Exploitability

The CVSS score of 5.3 indicates medium severity. No EPSS score is available, so the likelihood of exploitation is unknown. The vulnerability is not listed in the CISA KEV catalog, implying no known public exploitation. The likely attack vector is remote, via a web request that causes the application to return a technical error response. No special prerequisites are noted beyond the ability to trigger an error condition.

Generated by OpenCVE AI on May 27, 2026 at 15:21 UTC.

Remediation

Vendor Solution

IBM strongly encourages customers to update their systems promptly.

Principal Product and Versions | Fix Availability
IBM Security Director Integrator 7.2.0.15 | 7.2.0-ISS-SDI-FP0015 (https://www.ibm.com/support/fixcentral/swg/selectFixes)
IBM Security Verify Directory Integrator 10.0.0.3 | IBM-SVDI-10.0.0.3 (https://www.ibm.com/support/fixcentral/swg/selectFixes)


OpenCVE Recommended Actions

  • Apply the IBM‑provided patch to upgrade to IBM Security Directory Integrator 7.2.0.15 or IBM Security Verify Directory Integrator 10.0.0.3 via the support center URLs listed in the advisory
  • Configure the application or web server to suppress or sanitize detailed error messages, ensuring only generic error responses are sent to clients
  • Run post‑patch validation tests to confirm that error pages no longer expose internal stack or system information
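
One way to carry out the post-patch validation in the last action, as an added example that is not part of the advisory or of IBM's tooling: a checker that scans captured error-response bodies for signs of a detailed technical error. The marker patterns (Java-style stack traces, exception class names, filesystem paths) and both sample bodies are constructed assumptions, since the advisory does not show the actual error output.

```python
import re

# Assumed leak markers (not taken from the advisory): typical signs of a
# detailed technical error returned by a Java-based web application.
LEAK_PATTERNS = {
    "java_stack_frame": re.compile(r"^\s*at [\w$.]+\([\w$]+\.java:\d+\)", re.M),
    "exception_class": re.compile(r"\b(?:[a-z_]\w*\.)+[A-Z]\w*(?:Exception|Error)\b"),
    "caused_by": re.compile(r"^\s*Caused by: ", re.M),
    "filesystem_path": re.compile(
        r"(?:/(?:opt|usr|home|var|etc)/[\w./-]+|[A-Za-z]:\\[\w\\.-]+)"
    ),
}

def find_leaks(body: str) -> dict:
    """Return {marker_name: first matching snippet} for every marker found."""
    hits = {}
    for name, pattern in LEAK_PATTERNS.items():
        match = pattern.search(body)
        if match:
            hits[name] = match.group(0).strip()
    return hits

def validate_responses(responses: dict) -> dict:
    """Map each captured response label to its leak markers; {} means clean."""
    return {label: find_leaks(body) for label, body in responses.items()}

# Constructed sample bodies: one verbose error page, one generic error page.
SAMPLE_VERBOSE = """<html><body><h1>HTTP 500</h1><pre>
java.lang.NullPointerException: config entry missing
    at com.example.app.Handler.process(Handler.java:42)
Caused by: java.io.FileNotFoundException: /opt/example/conf/app.properties
</pre></body></html>"""
SAMPLE_GENERIC = (
    "<html><body><h1>An error occurred.</h1>"
    "<p>Reference ID: 7f3a</p></body></html>"
)

if __name__ == "__main__":
    report = validate_responses(
        {"before_fix": SAMPLE_VERBOSE, "after_fix": SAMPLE_GENERIC}
    )
    for label, hits in report.items():
        print(label, "LEAK" if hits else "clean", hits)
```

Feed it the bodies of error responses captured from your own deployment before and after applying the fix pack; any non-empty result after patching means the error page still needs to be suppressed or sanitized.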



Advisories

No advisories yet.

History

Wed, 27 May 2026 14:15:00 +0000

Type | Values Removed | Values Added
Description | | IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Title | | Security vulnerability was found in IBM Security Directory Integrator
First Time appeared | | Ibm; Ibm sdi; Ibm security Directory Integrator
Weaknesses | | CWE-209
CPEs | | cpe:2.3:a:ibm:sdi:7.2.0.0:*:*:*:*:*:*:*; cpe:2.3:a:ibm:sdi:7.2.0.14:*:*:*:*:*:*:*; cpe:2.3:a:ibm:security_directory_integrator:10.0.0.0:*:*:*:*:*:*:*; cpe:2.3:a:ibm:security_directory_integrator:10.0.0.2:*:*:*:*:*:*:*
Vendors & Products | | Ibm; Ibm sdi; Ibm security Directory Integrator
References | |
Metrics | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-05-27T13:51:19.302Z

Reserved: 2024-03-10T12:22:43.138Z

Link: CVE-2024-28765

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-27T14:16:40.600

Modified: 2026-05-27T14:53:51.833

Link: CVE-2024-28765

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T15:30:27Z

Weaknesses