Vulnerabilities > IBM > Security Directory Integrator

DATE CVE VULNERABILITY TITLE RISK
2024-08-16 CVE-2022-33162 Unspecified vulnerability in IBM products
IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources, at the privilege level of a standard unprivileged user.
network
low complexity
ibm
critical
9.8
2024-07-30 CVE-2022-33167 Incorrect Permission Assignment for Critical Resource vulnerability in IBM products
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.
network
low complexity
ibm CWE-732
7.5
2024-07-25 CVE-2022-32759 Unspecified vulnerability in IBM products
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information.
network
low complexity
ibm
7.5
2024-07-25 CVE-2024-28772 Unspecified vulnerability in IBM products
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting.
network
low complexity
ibm
5.4
2023-10-14 CVE-2022-33161 Missing Encryption of Sensitive Data vulnerability in IBM products
IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-311
5.9
2023-10-14 CVE-2022-33165 Path Traversal vulnerability in IBM Security Directory Integrator 7.2.0
IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5