Ibm

Security Directory Server

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-28772

  • EPSS 0.19%
  • Veröffentlicht 25.07.2024 18:15:03
  • Zuletzt bearbeitet 21.11.2024 09:06:55

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended func...

7.5

CVE-2022-32759

  • EPSS 0.1%
  • Veröffentlicht 25.07.2024 18:15:02
  • Zuletzt bearbeitet 21.11.2024 07:06:54

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565.

5.9

CVE-2022-33161

  • EPSS 0.02%
  • Veröffentlicht 14.10.2023 15:15:09
  • Zuletzt bearbeitet 21.11.2024 07:07:37

IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information u...

9.1

CVE-2022-32755

  • EPSS 0.04%
  • Veröffentlicht 14.10.2023 15:15:09
  • Zuletzt bearbeitet 21.11.2024 07:06:53

IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ...

9.1

CVE-2022-33164

  • EPSS 0.04%
  • Veröffentlicht 08.09.2023 20:15:14
  • Zuletzt bearbeitet 21.11.2024 07:07:37

IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. ...

5.3

CVE-2019-4563

  • EPSS 0.14%
  • Veröffentlicht 29.10.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 04:43:44

IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. ...

5.3

CVE-2019-4547

  • EPSS 0.14%
  • Veröffentlicht 29.10.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 04:43:42

IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949.

6.1

CVE-2019-4548

  • EPSS 0.34%
  • Veröffentlicht 04.02.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 04:43:43

IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actio...

5.3

CVE-2019-4562

  • EPSS 0.28%
  • Veröffentlicht 04.02.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 04:43:44

IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623.

5.3

CVE-2019-4551

  • EPSS 0.26%
  • Veröffentlicht 04.02.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 04:43:43

IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953.