Vulnerabilities > IBM > Security Directory Suite VA > 8.0.1.19

DATE CVE VULNERABILITY TITLE RISK
2023-06-15 CVE-2022-32752 OS Command Injection vulnerability in IBM Security Directory Suite VA 8.0.1/8.0.1.19
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network
low complexity
ibm CWE-78
8.8
8.8
2023-06-15 CVE-2022-32757 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Directory Suite VA 8.0.1/8.0.1.19
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5
7.5
2023-06-15 CVE-2022-33166 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Directory Suite VA 8.0.1/8.0.1.19
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment.
network
low complexity
ibm CWE-434
7.2
7.2
2023-06-15 CVE-2022-33159 Cleartext Storage of Sensitive Information vulnerability in IBM Security Directory Suite VA 8.0.1/8.0.1.19
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user.
network
low complexity
ibm CWE-312
6.5
6.5