Vulnerabilities > IBM > Security Directory Server

DATE CVE VULNERABILITY TITLE RISK
2024-07-25 CVE-2022-32759 Insufficient Session Expiration vulnerability in IBM products
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information.
network
low complexity
ibm CWE-613
7.5
2024-07-25 CVE-2024-28772 Cross-site Scripting vulnerability in IBM products
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-10-14 CVE-2022-32755 XXE vulnerability in IBM products
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
critical
9.1
2023-10-14 CVE-2022-33161 Missing Encryption of Sensitive Data vulnerability in IBM products
IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-311
5.9
2023-09-08 CVE-2022-33164 Path Traversal vulnerability in IBM Security Directory Server 7.2.0
IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
critical
9.1
2020-10-29 CVE-2019-4563 Session Fixation vulnerability in IBM Security Directory Server 6.4.0.0
IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-384
5.3
2020-10-29 CVE-2019-4547 Information Exposure Through an Error Message vulnerability in IBM Security Directory Server 6.4.0.0
IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data.
network
low complexity
ibm CWE-209
5.3
2020-02-04 CVE-2019-4562 Information Exposure vulnerability in IBM Security Directory Server
IBM Security Directory Server 6.4.0 stores sensitive information in URLs.
network
low complexity
ibm CWE-200
5.3
2020-02-04 CVE-2019-4551 Missing Authentication for Critical Function vulnerability in IBM Security Directory Server
IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas.
network
low complexity
ibm CWE-306
5.3
2020-02-04 CVE-2019-4550 Unspecified vulnerability in IBM Security Directory Server
IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points.
network
low complexity
ibm
5.3