CVE-2024-28770
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Published Jan 27, 2025
CWE ID 614
Summary
CVE-2024-28770 is a vulnerability affecting IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0. The software does not set the Secure attribute on user authorization tokens or session cookies, so they can be sent over unsecured HTTP links and intercepted. An attacker can either send a malicious link to a user or plant it on a website the user visits. Once the tokens are obtained, the attacker can use them to gain unauthorized access to protected resources.
Affected Products
- Security Verify Directory Integrator
Affected Vendors
- IBM Corporation