Vulnerabilities > IBM > Security Directory Server
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-25 | CVE-2022-32759 | Insufficient Session Expiration vulnerability in IBM products IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. | 7.5 |
2024-07-25 | CVE-2024-28772 | Cross-site Scripting vulnerability in IBM products IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. | 5.4 |
2023-10-14 | CVE-2022-32755 | XXE vulnerability in IBM products IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
2023-10-14 | CVE-2022-33161 | Missing Encryption of Sensitive Data vulnerability in IBM products IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
2023-09-08 | CVE-2022-33164 | Path Traversal vulnerability in IBM Security Directory Server 7.2.0 IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. | 9.1 |
2020-10-29 | CVE-2019-4563 | Session Fixation vulnerability in IBM Security Directory Server 6.4.0.0 IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. | 5.3 |
2020-10-29 | CVE-2019-4547 | Information Exposure Through an Error Message vulnerability in IBM Security Directory Server 6.4.0.0 IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. | 5.3 |
2020-02-04 | CVE-2019-4562 | Information Exposure vulnerability in IBM Security Directory Server IBM Security Directory Server 6.4.0 stores sensitive information in URLs. | 5.3 |
2020-02-04 | CVE-2019-4551 | Missing Authentication for Critical Function vulnerability in IBM Security Directory Server IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. | 5.3 |
2020-02-04 | CVE-2019-4550 | Unspecified vulnerability in IBM Security Directory Server IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. | 5.3 |