A Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. Six years running.Six years. Gartner® Magic Quadrant™ Leader.Find Out Why
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • AI Data Pipelines
      Security Data Pipeline for AI SIEM and Data Optimization
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2024-28766

CVE-2024-28766: IBM Security Directory Integrator Flaw

CVE-2024-28766 is an information disclosure vulnerability in IBM Security Directory Integrator that exposes sensitive directory contents to attackers. This article covers the technical details, affected versions, and steps.

Published: June 2, 2026

CVE-2024-28766 Overview

CVE-2024-28766 is an information disclosure vulnerability affecting IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0. The flaw allows remote, unauthenticated attackers to obtain sensitive information about directory contents. Disclosed directory data can support reconnaissance and follow-on attacks against the target environment. The issue is tracked under CWE-548, Exposure of Information Through Directory Listing.

Critical Impact

Unauthenticated network attackers can retrieve sensitive directory information from affected IBM Security Directory Integrator deployments, enabling reconnaissance for subsequent attacks against the system.

Affected Products

  • IBM Security Directory Integrator 7.2.0
  • IBM Security Verify Directory Integrator 10.0.0
  • Deployments exposing the integrator service over the network

Discovery Timeline

  • 2025-01-27 - CVE-2024-28766 published to NVD
  • 2025-07-14 - Last updated in NVD database

Technical Details for CVE-2024-28766

Vulnerability Analysis

The vulnerability lets a remote attacker enumerate directory contents managed by IBM Security Directory Integrator and IBM Security Verify Directory Integrator. The product exposes structural or content information that should be restricted to authorized users. Because no authentication or user interaction is required, an attacker only needs network reachability to the affected service. Exposed data may include directory schema details, object naming, or other metadata that supports targeted attacks against identity infrastructure.

Root Cause

The defect maps to CWE-548, Exposure of Information Through Directory Listing. The integrator returns directory information in responses without enforcing sufficient access restrictions. As a result, sensitive content intended for authenticated administrators is reachable by external clients. IBM addressed the issue in a security update referenced in the IBM Support Page.

Attack Vector

Exploitation occurs over the network against the integrator endpoint. An attacker sends crafted requests to the service and parses the responses for directory data. Successful retrieval impacts confidentiality only — integrity and availability are not affected. The disclosed information typically supports lateral movement, account targeting, or schema-aware injection attempts against backing LDAP directories.

No public proof-of-concept is available, and the issue is not listed in the CISA Known Exploited Vulnerabilities catalog. See the IBM advisory for vendor technical details.

Detection Methods for CVE-2024-28766

Indicators of Compromise

  • Unauthenticated requests to IBM Security Directory Integrator endpoints from external or unexpected source addresses.
  • Anomalous response sizes from the integrator service indicating bulk directory data retrieval.
  • Repeated enumeration-style request patterns targeting directory paths or schema objects.

Detection Strategies

  • Inspect HTTP and LDAP traffic to the integrator service for requests that return directory listings without an authenticated session.
  • Correlate access logs from IBM Security Directory Integrator with authentication events to flag unauthenticated reads.
  • Apply network detection signatures for enumeration patterns against the integrator's listening ports.

Monitoring Recommendations

  • Forward integrator and reverse-proxy logs to a centralized SIEM for retention and search.
  • Alert on traffic to the integrator originating outside approved administrative networks.
  • Track version banners and software inventory to confirm patched releases are deployed across all instances.

How to Mitigate CVE-2024-28766

Immediate Actions Required

  • Apply the IBM-provided fix referenced in the IBM Support Page for affected versions 7.2.0 and 10.0.0.
  • Restrict network access to the integrator service to trusted administrative subnets only.
  • Audit recent access logs for unauthenticated directory queries since deployment.
  • Rotate credentials and review directory data that may have been exposed to untrusted networks.

Patch Information

IBM has released remediation for IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0. Refer to the IBM Support Page for the specific fix pack, interim fix, or upgrade path applicable to your deployment.

Workarounds

  • Place the integrator behind a reverse proxy that enforces authentication before requests reach the service.
  • Use firewall rules or network segmentation to block untrusted clients from reaching the integrator port.
  • Disable any directory listing or schema-exposure features not required for production operation.
bash
# Example: restrict integrator access to a trusted admin subnet using iptables
iptables -A INPUT -p tcp --dport 1099 -s 10.10.20.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 1099 -j DROP

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeInformation Disclosure
  • Vendor/TechIbm Security Directory Integrator
  • SeverityHIGH
  • CVSS Score7.5
  • EPSS Probability0.09%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityNone
  • CWE References
  • CWE-548
  • Vendor Resources
  • IBM Support Page
  • Related CVEs
  • CVE-2024-28765: IBM Security Directory Integrator Disclosure
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English