What is CVE-2024-28770?

CVE-2024-28770 is a medium-severity vulnerability in Ibm Security Directory Integrator, classified under Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. CVSS score: 4.8/10. Published 2025-01-27.

How severe is CVE-2024-28770?

Medium severity. CVSS v3 base score is 4.8 out of 10.

Vulnerability in Ibm Security Directory Integrator

CVE-2024-28770

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// l…

EPSS: 0.000 (13.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N.

Affected products

Ibm Security Directory Integrator — versions 7.2.0
Ibm Security Verify Directory Integrator — versions 10.0.0

Weakness classification (CWE)

CWE-614 — Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

References

www.ibm.com/support/pages/node/7161444

Frequently asked questions

What is CVE-2024-28770?: CVE-2024-28770 is a medium-severity vulnerability in Ibm Security Directory Integrator, classified under Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. CVSS score: 4.8/10. Published 2025-01-27.
How severe is CVE-2024-28770?: Medium severity. CVSS v3 base score is 4.8 out of 10.