Vulnerabilities > IBM > Security Directory Server

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2020-02-04 | CVE-2019-4548 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Security Directory Server | IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. | network; low complexity; ibm CWE-1021; 6.1 |
| 2020-02-04 | CVE-2019-4541 | Unspecified vulnerability in IBM Security Directory Server | IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. | network; low complexity; ibm; 7.2 |
| 2020-02-04 | CVE-2019-4540 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Directory Server | IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | network; low complexity; ibm CWE-327; 7.5 |
| 2019-10-02 | CVE-2019-4549 | Insecure Storage of Sensitive Information vulnerability in IBM Security Directory Server 6.4.0 | IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. | network; low complexity; ibm CWE-922; 5.3 |
| 2019-10-02 | CVE-2019-4542 | Cross-site Scripting vulnerability in IBM Security Directory Server 6.4.0 | IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. | network; low complexity; ibm CWE-79; 6.1 |
| 2019-10-02 | CVE-2019-4539 | XML Injection (aka Blind XPath Injection) vulnerability in IBM Security Directory Server 6.4.0 | IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. | network; low complexity; ibm CWE-91; 7.1 |
| 2019-10-02 | CVE-2019-4538 | Open Redirect vulnerability in IBM Security Directory Server 6.4.0 | IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | network; low complexity; ibm CWE-601; 8.2 |
| 2019-10-02 | CVE-2019-4520 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Directory Server 6.4.0 | IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | network; low complexity; ibm CWE-307; 7.5 |
| 2017-02-08 | CVE-2015-1976 | Improper Access Control vulnerability in IBM Security Directory Server and Tivoli Directory Server | IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash. | local; low complexity; ibm CWE-284; 5.5 |
| 2016-07-15 | CVE-2015-1977 | Information Exposure vulnerability in IBM Tivoli Directory Server | Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. | network; low complexity; ibm CWE-200; 7.5 |