CVE-2024-28765— Security vulnerability was found in IBM Security Directory Integrator

CVSS 5.3 · Medium EPSS 0.39% · P30 Updated May 29, 2026

Possible ATT&CK Techniques 2AI

T1059 · Command and Scripting Interpreter T1203 · Exploitation for Client Execution

Affected Version Matrix 2

Vendor	Product	Version Range	Status
IBM	SDI	`7.2.0.0≤ 7.2.0.14`	affected
IBM	Security Directory Integrator	`10.0.0.0≤ 10.0.0.2`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-28765

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Security vulnerability was found in IBM Security Directory Integrator

Source: NVD (National Vulnerability Database)

Vulnerability Description

IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

通过错误消息导致的信息暴露

Source: NVD (National Vulnerability Database)

Vulnerability Title

IBM Security Directory Integrator 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

IBM Security Directory Integrator是美国国际商业机器（IBM）公司的一个集成开发环境和运行时服务。 IBM Security Directory Integrator 7.2.0.0版本至7.2.0.14版本和10.0.0.0版本至10.0.0.2版本存在安全漏洞，该漏洞源于在浏览器中返回详细技术错误消息，可能导致远程攻击者获取敏感信息。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
IBM	SDI	7.2.0.0 ~ 7.2.0.14	`cpe:2.3:a:ibm:sdi:7.2.0.0:::::::*`
IBM	Security Directory Integrator	10.0.0.0 ~ 10.0.0.2	`cpe:2.3:a:ibm:security_directory_integrator:10.0.0.0:::::::*`

II. Public POCs for CVE-2024-28765

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-28765

请登录查看更多情报信息。

Vendor Advisories for CVE-2024-28765 (1)

🔗 Security Bulletin: Security vulnerability was found in IBM Security Directory Integrator (CVE-2024-28765)vendor-advisorypatch

https://nvd.nist.gov/vuln/detail/CVE-2024-28765

Same Patch Batch · IBM · 2026-05-27 · 29 CVEs total

CVE-2026-8175	9.8 CRITICAL	Multiple vulnerabilities in Aspera applications.
CVE-2026-7524	9.8 CRITICAL	Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System
CVE-2026-5065	8.8 HIGH	IBM Controller is affected by vulnerabilities
CVE-2026-8179	8.8 HIGH	Multiple vulnerabilities in Aspera applications.
CVE-2026-7365	8.4 HIGH	IBM Operations Analytics - Log Analysis is affected by Information disclosure due to defau
CVE-2026-3623	7.8 HIGH	Vulnerabilities exists in IBM Netezza Performance Server Replication Services
CVE-2026-3366	7.5 HIGH	InfoSphere Optim Test Data Fabrication is affected by Arbitrary File Read
CVE-2026-8180	7.5 HIGH	Multiple vulnerabilities in Aspera applications.
CVE-2024-56462	7.2 HIGH	IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
CVE-2026-1718	7.1 HIGH	IBM® Db2® is vulnerable to a denial of service with a specially crafted query when running
CVE-2026-7528	7.1 HIGH	Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosure
CVE-2026-6938	6.5 MEDIUM	IBM® Db2® is vulnerable to authorization bypass when uploading to a remote object storage
CVE-2026-9035	6.5 MEDIUM	Multiple vulnerabilities in Aspera applications.
CVE-2026-8405	6.5 MEDIUM	IBM Guardium Data Protection is affected by Exposure of Sensitive Information vulnerabilit
CVE-2026-6936	6.5 MEDIUM	IBM i is Affected by a Denial of Service Vulnerability []
CVE-2026-6052	6.5 MEDIUM	IBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC t
CVE-2026-3676	6.5 MEDIUM	There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Man
CVE-2024-40684	5.9 MEDIUM	IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate
CVE-2026-6053	5.5 MEDIUM	IBM® Db2® is vulnerable to a denial of service when a specially crafted query is run with
CVE-2026-6051	5.5 MEDIUM	IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query wi

Showing top 20 of 29 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: IBM

Same weakness: CWE-209

V. Comments for CVE-2024-28765

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-28765— Security vulnerability was found in IBM Security Directory Integrator

Possible ATT&CK Techniques 2AI

Affected Version Matrix 2

I. Basic Information for CVE-2024-28765

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-28765

III. Intelligence Information for CVE-2024-28765

Vendor Advisories for CVE-2024-28765 (1)

Same Patch Batch · IBM · 2026-05-27 · 29 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-28765

Leave a comment