Vulnerabilities > IBM > Security Directory Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-25 CVE-2024-28772 Unspecified vulnerability in IBM products
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting.
network
low complexity
ibm
5.4
2023-10-14 CVE-2022-33161 Missing Encryption of Sensitive Data vulnerability in IBM products
IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-311
5.9
2020-10-29 CVE-2019-4563 Session Fixation vulnerability in IBM Security Directory Server 6.4.0.0
IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-384
5.3
2020-10-29 CVE-2019-4547 Information Exposure Through an Error Message vulnerability in IBM Security Directory Server 6.4.0.0
IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data.
network
low complexity
ibm CWE-209
5.3
2020-02-04 CVE-2019-4562 Information Exposure vulnerability in IBM Security Directory Server
IBM Security Directory Server 6.4.0 stores sensitive information in URLs.
network
low complexity
ibm CWE-200
5.3
2020-02-04 CVE-2019-4551 Missing Authentication for Critical Function vulnerability in IBM Security Directory Server
IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas.
network
low complexity
ibm CWE-306
5.3
2020-02-04 CVE-2019-4550 Unspecified vulnerability in IBM Security Directory Server
IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points.
network
low complexity
ibm
5.3
2020-02-04 CVE-2019-4548 Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Security Directory Server
IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim.
network
low complexity
ibm CWE-1021
6.1
2019-10-02 CVE-2019-4549 Insecure Storage of Sensitive Information vulnerability in IBM Security Directory Server 6.4.0
IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users.
network
low complexity
ibm CWE-922
5.3
2019-10-02 CVE-2019-4542 Cross-site Scripting vulnerability in IBM Security Directory Server 6.4.0
IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1