Vulnerabilities > IBM > Security Directory Server > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-25 | CVE-2024-28772 | Unspecified vulnerability in IBM products IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. | 5.4 |
2023-10-14 | CVE-2022-33161 | Missing Encryption of Sensitive Data vulnerability in IBM products IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
2020-10-29 | CVE-2019-4563 | Session Fixation vulnerability in IBM Security Directory Server 6.4.0.0 IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. | 5.3 |
2020-10-29 | CVE-2019-4547 | Information Exposure Through an Error Message vulnerability in IBM Security Directory Server 6.4.0.0 IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. | 5.3 |
2020-02-04 | CVE-2019-4562 | Information Exposure vulnerability in IBM Security Directory Server IBM Security Directory Server 6.4.0 stores sensitive information in URLs. | 5.3 |
2020-02-04 | CVE-2019-4551 | Missing Authentication for Critical Function vulnerability in IBM Security Directory Server IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. | 5.3 |
2020-02-04 | CVE-2019-4550 | Unspecified vulnerability in IBM Security Directory Server IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. | 5.3 |
2020-02-04 | CVE-2019-4548 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Security Directory Server IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. | 6.1 |
2019-10-02 | CVE-2019-4549 | Insecure Storage of Sensitive Information vulnerability in IBM Security Directory Server 6.4.0 IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. | 5.3 |
2019-10-02 | CVE-2019-4542 | Cross-site Scripting vulnerability in IBM Security Directory Server 6.4.0 IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. | 6.1 |