CVE-2024-28771

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Jan 27, 2025
CWE ID 614

Summary

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 fail to set the Secure attribute on authorization tokens and session cookies, so a browser can send them over unencrypted HTTP, where they are susceptible to interception. An attacker can potentially obtain these tokens by tricking a user into clicking a malicious http:// link or by planting such a link on a site the user frequently visits. Because the cookie is then transmitted in cleartext, an attacker snooping on the traffic can capture it and gain unauthorized access to protected systems. This vulnerability poses a serious risk to organizations using these IBM products and underscores the importance of implementing secure cookie handling practices.

Affected Products

  • Security Verify Directory Integrator

Affected Vendors

  • IBM Corporation