11 matches found
CVE-2022-33165
CVE-2022-33165 affects IBM Security Directory Server 6.4.0 and allows a remote attacker to traverse directories by sending a crafted URL containing dot-dot sequences (/../), potentially viewing arbitrary files. The vulnerability is network-based with no authentication/interaction required per CVS...
CVE-2024-28772
CVE-2024-28772 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0, with a stored cross-site scripting vulnerability in the Web UI that could lead to credentials disclosure in a trusted session. The issue concerns the ability for an attacker to embe...
CVE-2022-33162
Concisely: CVE-2022-33162 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0, where certain functionality that requires a provable user identity or consumes significant resources does not perform authentication, allowing access at unprivileged leve...
CVE-2022-33161
CVE-2022-33161 affects IBM Security Directory Server 6.4.0. The issue is caused by failure to properly enable HTTP Strict Transport Security, enabling an attacker to obtain sensitive information via man-in-the-middle over the network. Impact is information disclosure; published scores show MEDIUM...
CVE-2022-33167
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 are affected by CVE-2022-33167 due to failure to set the HTTPOnly flag on cookies, enabling an remote attacker to read sensitive data from cookies. Affected products: IBM Security Directory Integrator 7.2....
CVE-2024-28767
CVE-2024-28767 affects IBM Security Directory Integrator 7.2.0–7.2.0.13 and 10.0.0–10.0.3. The issue is an operating system command injection flaw: an authenticated remote attacker can send a specially crafted request to execute arbitrary commands on the target system. The Red Hat and IBM advisor...
CVE-2022-32759
CVE-2022-32759 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0, where insufficient session expiration could let an unauthorized user obtain sensitive information. The IBM bulletin confirms the vulnerability and specifies fixes: 7.2.0 -> 7.2.0...
CVE-2024-28771
CVE-2024-28771 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0, caused by not setting the secure attribute on authorization tokens or session cookies. This can allow cookie values to be exposed when a user is lured to or visits an http link, ena...
CVE-2024-28766
CVE-2024-28766 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0. The issue is an information disclosure in which sensitive directory contents could be exposed, potentially aiding further attacks. The connected IBM bulletin confirms affected produ...
CVE-2024-28770
Affected products: IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0. Root cause: missing secure attribute on authorization tokens/session cookies. Impact: cookies can be exposed via http links and traffic snooping, enabling session hijacking as described...
CVE-2024-28765
IBM Security Directory Integrator (SDI) and Security Director/Directory Integrator components are affected: SDI 7.2.0.0–7.2.0.14 and IBM Security Directory Integrator 10.0.0.0–10.0.0.2 could allow a remote attacker to obtain sensitive information via a detailed error message returned in the brows...