Vulnerabilities > IBM > Security Directory Integrator
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-16 | CVE-2022-33162 | Unspecified vulnerability in IBM products IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources, at the privilege level of a standard unprivileged user. | 9.8 |
| 2024-07-30 | CVE-2022-33167 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM products IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | 7.5 |
| 2024-07-25 | CVE-2022-32759 | Insufficient Session Expiration vulnerability in IBM products IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. | 7.5 |
| 2024-07-25 | CVE-2024-28772 | Cross-site Scripting vulnerability in IBM products IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. | 5.4 |
| 2023-10-14 | CVE-2022-33161 | Missing Encryption of Sensitive Data vulnerability in IBM products IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2023-10-14 | CVE-2022-33165 | Path Traversal vulnerability in IBM Security Directory Integrator 7.2.0 IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. | 7.5 |