Vulnerabilities > IBM > Security Directory Server > 6.4.0.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-04 | CVE-2019-4562 | Information Exposure vulnerability in IBM Security Directory Server IBM Security Directory Server 6.4.0 stores sensitive information in URLs. | 5.3 |
| 2020-02-04 | CVE-2019-4551 | Missing Authentication for Critical Function vulnerability in IBM Security Directory Server IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. | 5.3 |
| 2020-02-04 | CVE-2019-4550 | Unspecified vulnerability in IBM Security Directory Server IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. | 5.3 |
| 2020-02-04 | CVE-2019-4548 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Security Directory Server IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. | 6.1 |
| 2020-02-04 | CVE-2019-4541 | Unspecified vulnerability in IBM Security Directory Server IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. | 7.2 |
| 2020-02-04 | CVE-2019-4540 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Directory Server IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2016-07-15 | CVE-2015-1977 | Information Exposure vulnerability in IBM Tivoli Directory Server Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. | 7.5 |