Lucene search
K
IbmSecurity Directory Integrator

11 matches found

CVE
CVE
added 2023/10/14 2:16 p.m.78 views

CVE-2022-33165

CVE-2022-33165 affects IBM Security Directory Server 6.4.0 and allows a remote attacker to traverse directories by sending a crafted URL containing dot-dot sequences (/../), potentially viewing arbitrary files. The vulnerability is network-based with no authentication/interaction required per CVS...

7.5CVSS6.6AI score0.01172EPSS
CVE
CVE
added 2024/07/25 5:18 p.m.78 views

CVE-2024-28772

CVE-2024-28772 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0, with a stored cross-site scripting vulnerability in the Web UI that could lead to credentials disclosure in a trusted session. The issue concerns the ability for an attacker to embe...

6.8CVSS5.9AI score0.00283EPSS
CVE
CVE
added 2024/08/16 6:33 p.m.73 views

CVE-2022-33162

Concisely: CVE-2022-33162 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0, where certain functionality that requires a provable user identity or consumes significant resources does not perform authentication, allowing access at unprivileged leve...

9.8CVSS7.8AI score0.0043EPSS
CVE
CVE
added 2023/10/14 2:14 p.m.71 views

CVE-2022-33161

CVE-2022-33161 affects IBM Security Directory Server 6.4.0. The issue is caused by failure to properly enable HTTP Strict Transport Security, enabling an attacker to obtain sensitive information via man-in-the-middle over the network. Impact is information disclosure; published scores show MEDIUM...

5.9CVSS5AI score0.00429EPSS
CVE
CVE
added 2024/07/30 5:5 p.m.64 views

CVE-2022-33167

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 are affected by CVE-2022-33167 due to failure to set the HTTPOnly flag on cookies, enabling an remote attacker to read sensitive data from cookies. Affected products: IBM Security Directory Integrator 7.2....

7.5CVSS3.7AI score0.00426EPSS
CVE
CVE
added 2024/12/20 1:48 p.m.60 views

CVE-2024-28767

CVE-2024-28767 affects IBM Security Directory Integrator 7.2.0–7.2.0.13 and 10.0.0–10.0.3. The issue is an operating system command injection flaw: an authenticated remote attacker can send a specially crafted request to execute arbitrary commands on the target system. The Red Hat and IBM advisor...

8.8CVSS6.8AI score0.0064EPSS
CVE
CVE
added 2024/07/25 5:11 p.m.58 views

CVE-2022-32759

CVE-2022-32759 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0, where insufficient session expiration could let an unauthorized user obtain sensitive information. The IBM bulletin confirms the vulnerability and specifies fixes: 7.2.0 -> 7.2.0...

7.5CVSS5AI score0.00378EPSS
CVE
CVE
added 2025/01/27 1:12 a.m.52 views

CVE-2024-28771

CVE-2024-28771 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0, caused by not setting the secure attribute on authorization tokens or session cookies. This can allow cookie values to be exposed when a user is lured to or visits an http link, ena...

6.5CVSS4.9AI score0.00175EPSS
CVE
CVE
added 2025/01/27 1:14 a.m.49 views

CVE-2024-28766

CVE-2024-28766 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0. The issue is an information disclosure in which sensitive directory contents could be exposed, potentially aiding further attacks. The connected IBM bulletin confirms affected produ...

7.5CVSS3.3AI score0.00303EPSS
CVE
CVE
added 2025/01/27 1:12 a.m.45 views

CVE-2024-28770

Affected products: IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0. Root cause: missing secure attribute on authorization tokens/session cookies. Impact: cookies can be exposed via http links and traffic snooping, enabling session hijacking as described...

6.5CVSS4.9AI score0.00175EPSS
CVE
CVE
added 2026/05/27 1:47 p.m.15 views

CVE-2024-28765

IBM Security Directory Integrator (SDI) and Security Director/Directory Integrator components are affected: SDI 7.2.0.0–7.2.0.14 and IBM Security Directory Integrator 10.0.0.0–10.0.0.2 could allow a remote attacker to obtain sensitive information via a detailed error message returned in the brows...

5.3CVSS5.8AI score0.00385EPSS