DATE CVE VULNERABILITY TITLE RISK
2020-02-04 CVE-2019-4540 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Directory Server
IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
5.0
2019-10-02 CVE-2019-4549 Insecure Storage of Sensitive Information vulnerability in IBM Security Directory Server 6.4.0
IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users.
network
low complexity
ibm CWE-922
5.3
2019-10-02 CVE-2019-4542 Cross-site Scripting vulnerability in IBM Security Directory Server 6.4.0
IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2019-10-02 CVE-2019-4539 XML Injection (aka Blind XPath Injection) vulnerability in IBM Security Directory Server 6.4.0
IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.
network
low complexity
ibm CWE-91
7.1
2019-10-02 CVE-2019-4538 Open Redirect vulnerability in IBM Security Directory Server 6.4.0
IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
low complexity
ibm CWE-601
8.2
2019-10-02 CVE-2019-4520 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Directory Server 6.4.0
IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5
2017-02-08 CVE-2015-1976 Improper Access Control vulnerability in IBM Security Directory Server and Tivoli Directory Server
IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash.
local
low complexity
ibm CWE-284
2.1
2016-07-15 CVE-2015-1977 Information Exposure vulnerability in IBM Security Directory Server and Tivoli Directory Server
Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a ..
network
low complexity
ibm CWE-200
5.0
2014-10-19 CVE-2014-6100 Cross-Site Scripting vulnerability in IBM Security Directory Server and Tivoli Directory Server
Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
2014-01-27 CVE-2013-6747 Improper Input Validation vulnerability in IBM products
IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM Security Directory Server (ISDS) and Tivoli Directory Server (TDS), allows remote attackers to cause a denial of service (application crash or hang) via a malformed X.509 certificate chain.
network
ibm CWE-20
7.1