{"vulnerability": "CVE-2024-2877", "sightings": [{"uuid": "aeb55598-b855-433c-ab86-7a3a20c6dcf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28770", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113897724784584899", "content": "", "creation_timestamp": "2025-01-27T01:29:17.853630Z"}, {"uuid": "8443bc4b-cf39-4a82-a899-8e8b983100a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28771", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113897724798558957", "content": "", "creation_timestamp": "2025-01-27T01:29:18.158454Z"}, {"uuid": "ca6f0f85-f808-4623-94cd-2b2bb2054aa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28770", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgounqusmp27", "content": "", "creation_timestamp": "2025-01-27T02:15:46.963982Z"}, {"uuid": "de825018-c5ed-4eb9-9433-6e0ae1c03cea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28771", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgountbsiq2c", "content": "", "creation_timestamp": "2025-01-27T02:15:48.760207Z"}, {"uuid": "b1249679-4d3d-48e6-b937-549a37971c92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28777", "type": "seen", "source": "https://t.me/cvedetector/18465", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28777 - IBM Cognos Controller Unrestricted Deserialization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-28777 \nPublished : Feb. 19, 2025, 4:15 p.m. | 2\u00a0hours, 23\u00a0minutes ago \nDescription : IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0   \n  \n  \n  \nis vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in the application. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-19T20:25:11.000000Z"}, {"uuid": "8914bec5-8982-4160-97fc-4791c473e073", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28770", "type": "seen", "source": "https://t.me/cvedetector/16427", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28770 - IBM Security Directory Integrator Unsecured Cookie Leak Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-28770 \nPublished : Jan. 27, 2025, 2:15 a.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-27T05:57:18.000000Z"}, {"uuid": "c66f88dc-0755-47a4-87b4-22db0ecaa56c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28770", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgp5ap7zvm2r", "content": "", "creation_timestamp": "2025-01-27T04:49:32.233813Z"}, {"uuid": "9f4a1191-654e-4b23-af49-d5981907c21f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28771", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgp5apo23u2k", "content": "", "creation_timestamp": "2025-01-27T04:49:33.465410Z"}, {"uuid": "4d0bee92-17ed-429e-804f-94ef9b824308", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28777", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114031810185128567", "content": "", "creation_timestamp": "2025-02-19T17:49:02.923580Z"}, {"uuid": "2a8dc113-f9e8-4eec-8c00-1557737edceb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28777", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3likej6zzp32z", "content": "", "creation_timestamp": "2025-02-19T18:06:39.060894Z"}, {"uuid": "8a36ebfe-f3a6-4103-832e-08052b4df968", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28776", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3likej7vdpt2z", "content": "", "creation_timestamp": "2025-02-19T18:06:43.581369Z"}, {"uuid": "169e5658-d422-476a-99c2-341dc05f925e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28776", "type": "seen", "source": "MISP/9ca82492-7deb-4197-a6f1-191e121eef96", "content": "", "creation_timestamp": "2025-08-25T13:32:05.000000Z"}, {"uuid": "e18b5a44-f151-4673-b369-16e6ff79e82a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28777", "type": "seen", "source": "MISP/9ca82492-7deb-4197-a6f1-191e121eef96", "content": "", "creation_timestamp": "2025-08-25T13:32:05.000000Z"}, {"uuid": "7912e669-f0e1-4395-8992-3895e8149cb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28778", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf62btpmxr22", "content": "", "creation_timestamp": "2025-01-07T16:16:01.665919Z"}, {"uuid": "872d27e3-351e-42a9-b9d5-1e09aa9ad39a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28771", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3155", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-h4p8-jffm-9cch\n\ud83d\udd25 CVSS Score: 4.8 (CVSS_V3)\n\ud83d\udd39 Description: IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.\n\ud83d\udccf Published: 2025-01-27T03:30:26Z\n\ud83d\udccf Modified: 2025-01-27T03:30:26Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-28771\n2. https://www.ibm.com/support/pages/node/7161444", "creation_timestamp": "2025-01-27T04:07:36.000000Z"}, {"uuid": "e6de8a4d-51fe-4a02-bb2f-350cd6f66bfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28770", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3156", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-75j3-gff7-55x3\n\ud83d\udd25 CVSS Score: 4.8 (CVSS_V3)\n\ud83d\udd39 Description: IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.\n\ud83d\udccf Published: 2025-01-27T03:30:26Z\n\ud83d\udccf Modified: 2025-01-27T03:30:26Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-28770\n2. https://www.ibm.com/support/pages/node/7161444", "creation_timestamp": "2025-01-27T04:07:37.000000Z"}, {"uuid": "7842b29d-749d-4250-9440-7534ba74bed6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28771", "type": "seen", "source": "https://t.me/cvedetector/16428", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28771 - IBM Security Directory Integrator/Leave Me Alone: Insecure Cookie Transmission\", \n  \"Content\": \"CVE ID : CVE-2024-28771 \nPublished : Jan. 27, 2025, 2:15 a.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-27T05:57:19.000000Z"}, {"uuid": "ab9a03d8-5020-4e47-a145-7f7ba812e3e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28772", "type": "seen", "source": "https://t.me/cvedetector/1638", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28772 - IBM Security Directory Integrator Cross-Site Scripting (CSX)\", \n  \"Content\": \"CVE ID : CVE-2024-28772 \nPublished : July 25, 2024, 6:15 p.m. | 37\u00a0minutes ago \nDescription : IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  285645. \nSeverity: 6.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-25T21:05:52.000000Z"}]}