IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 228439.
8.8CVSS
8.4AI Score
0.001EPSS
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 228510.
7.5CVSS
7.2AI Score
0.001EPSS
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567.
6.5CVSS
6AI Score
0.001EPSS
IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568.
7.5CVSS
7.2AI Score
0.001EPSS
IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571.
8.1CVSS
7.5AI Score
0.001EPSS
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586.
7.2CVSS
6.6AI Score
0.001EPSS
IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588.
7.5CVSS
7.1AI Score
0.001EPSS