Vulnerabilities ›

CVE-2024-28765

Medium

CWE-209 — Weakness Type

                    Published: May 27, 2026                      ·  Modified: May 30, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

🤖 AI Executive Summary

CVE-2024-28765 is an information disclosure vulnerability in IBM SDI and Security Directory Integrator that exposes sensitive technical details through error messages. While the CVSS score is medium (5.3), the lack of available patches and potential for reconnaissance attacks make this a concern for Saudi organizations using these identity management solutions. The vulnerability could facilitate further targeted attacks against critical infrastructure.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 00:20

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily impacts Saudi government agencies, ARAMCO, banking sector (SAMA-regulated institutions), and telecom operators (STC, Mobily) that rely on IBM SDI for identity and access management. The information disclosure could enable attackers to map system architecture, identify backend technologies, and plan sophisticated attacks against critical infrastructure. Government entities managing citizen data and financial institutions handling sensitive transactions are at elevated risk.

🏢 Affected Saudi Sectors

Government Banking Energy (ARAMCO) Telecommunications Healthcare Critical Infrastructure

🎯 MITRE ATT&CK Techniques

T1592 - Gather Victim Host Information T1592.004 - Client Configurations T1589 - Gather Victim Identity Information T1590 - Gather Victim Network Information T1598 - Phishing for Information

⚖️ Saudi Risk Score (AI)

6.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Identify all IBM SDI 7.2.0.0-7.2.0.14 and Security Directory Integrator 10.0.0.0-10.0.0.2 instances in your environment

2. Implement web application firewall (WAF) rules to suppress detailed error messages and return generic error responses

3. Disable verbose error reporting in application configuration files

4. Restrict access to SDI administrative interfaces using network segmentation and IP whitelisting



Compensating Controls:

5. Configure error page customization to display generic messages instead of technical details

6. Implement centralized logging and monitoring for error messages to detect reconnaissance attempts

7. Apply HTTP security headers (X-Frame-Options, Content-Security-Policy) to prevent information leakage

8. Monitor for unusual error message patterns that may indicate active reconnaissance



Detection Rules:

9. Alert on repeated HTTP 500/400 errors from same source IP

10. Monitor for patterns of requests designed to trigger error messages

11. Log all access attempts to error pages and technical documentation endpoints

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع نسخ IBM SDI 7.2.0.0-7.2.0.14 و Security Directory Integrator 10.0.0.0-10.0.0.2 في بيئتك

2. تطبيق قواعد جدار حماية تطبيقات الويب (WAF) لقمع رسائل الخطأ التفصيلية وإرجاع رسائل خطأ عامة

3. تعطيل الإبلاغ عن الأخطاء المفصلة في ملفات تكوين التطبيق

4. تقييد الوصول إلى واجهات إدارة SDI باستخدام تقسيم الشبكة وقائمة IP البيضاء



الضوابط البديلة:

5. تكوين تخصيص صفحات الخطأ لعرض رسائل عامة بدلاً من التفاصيل التقنية

6. تطبيق المراقبة والتسجيل المركزي لرسائل الخطأ للكشف عن محاولات الاستطلاع

7. تطبيق رؤوس أمان HTTP (X-Frame-Options, Content-Security-Policy) لمنع تسرب المعلومات

8. مراقبة أنماط رسائل الخطأ غير العادية التي قد تشير إلى استطلاع نشط



قواعد الكشف:

9. تنبيهات على أخطاء HTTP 500/400 المتكررة من نفس عنوان IP

10. مراقبة أنماط الطلبات المصممة لتشغيل رسائل الخطأ

11. تسجيل جميع محاولات الوصول إلى صفحات الخطأ ونقاط نهاية التوثيق التقني

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information Security Policies and Procedures A.6.1.1 - Organization of Information Security A.8.1.1 - User Endpoint Devices A.12.6.1 - Management of Technical Vulnerabilities

🔵 SAMA CSF

ID.RA-1 - Asset Management PR.AC-1 - Access Control Policy PR.PT-1 - Security Awareness and Training DE.CM-1 - The network is monitored to detect potential cybersecurity events

🟡 ISO 27001:2022

A.5.1 - Management Direction A.8.1 - User Endpoint Devices A.12.6 - Management of Technical Vulnerabilities A.14.2 - Development and Change Management

🟣 PCI DSS v4.0.1

Requirement 6.2 - Security patches must be installed Requirement 10.3 - Log all access to audit trails

🔗 References & Sources 1

🔗

https://www.ibm.com/support/pages/node/7268903

psirt@us.ibm.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-209

EPSS0.03%

Exploit No

Patch ✗ No

Published 2026-05-27

Source Feed nvd

🇸🇦 Saudi Risk Score

6.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-209

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2024-28765

Introduce Yourself

Sign In Required