Lucene search
K
IbmSecurity Directory Server

22 matches found

CVE
CVE
added 2014/01/27 4:0 p.m.88 views

CVE-2013-6747

CVE-2013-6747 affects GSKit used by IBM Security Directory Server (ISDS) and Tivoli Directory Server (TDS). A malformed X.509 certificate chain can cause the GSKit client/server process to hang or crash, enabling a remote attacker to trigger a denial of service without authentication. IBM’s bulle...

7.1CVSS8.8AI score0.02238EPSS
CVE
CVE
added 2023/10/14 2:25 p.m.84 views

CVE-2022-32755

CVE-2022-32755 affects IBM Security Directory Server 6.4.0. It is described as an XML External Entity (XXE) injection when processing XML data, enabling a remote attacker to expose sensitive information or cause memory/resource usage. Remediation referenced in the IBM bulletin: apply IBM Security...

9.1CVSS6.4AI score0.00714EPSS
CVE
CVE
added 2024/07/25 5:18 p.m.76 views

CVE-2024-28772

CVE-2024-28772 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0, with a stored cross-site scripting vulnerability in the Web UI that could lead to credentials disclosure in a trusted session. The issue concerns the ability for an attacker to embe...

6.8CVSS5.9AI score0.00283EPSS
CVE
CVE
added 2023/10/14 2:14 p.m.70 views

CVE-2022-33161

CVE-2022-33161 affects IBM Security Directory Server 6.4.0. The issue is caused by failure to properly enable HTTP Strict Transport Security, enabling an attacker to obtain sensitive information via man-in-the-middle over the network. Impact is information disclosure; published scores show MEDIUM...

5.9CVSS5AI score0.00429EPSS
CVE
CVE
added 2023/09/08 7:58 p.m.68 views

CVE-2022-33164

CVE-2022-33164 affects IBM Security Directory Server (7.2.0). A remote attacker could exploit a path traversal via /.. to view or write arbitrary files. IBM bulletin cites CVSS base 8.7 (CVE-2022-33164) and provides remediation: IBM Security Directory Server 6.4.0 interim fix 28, IBM Security Dir...

9.1CVSS8.7AI score0.01476EPSS
CVE
CVE
added 2019/10/02 2:45 p.m.62 views

CVE-2019-4538

CVE-2019-4538 affects IBM Security Directory Server 6.4.0, enabling remote phishing via an open redirect vulnerability. An attacker persuades a user to visit a crafted site to spoof the URL and redirect to a malicious site. IBM’s fix is available for 6.4.0 as version 6.4.0.19-ISS-ISDS-IF0019. Oth...

8.2CVSS7.5AI score0.01288EPSS
CVE
CVE
added 2014/10/19 1:0 a.m.58 views

CVE-2014-6100

CVE-2014-6100 is an XSS vulnerability in the Admin UI of IBM Tivoli Directory Server (versions 6.1 via 6.1.0.64-ISS-ITDS-IF0064; 6.2 via 6.2.0.39-ISS-ITDS-FP0039; 6.3 via 6.3.0.33-ISS-ITDS-IF0033) and IBM Security Directory Server 6.3.1 (via 6.3.1.7-ISS-ISDS-IF0007). The root cause is insufficien...

3.5CVSS5.2AI score0.00936EPSS
CVE
CVE
added 2024/07/25 5:11 p.m.58 views

CVE-2022-32759

CVE-2022-32759 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0, where insufficient session expiration could let an unauthorized user obtain sensitive information. The IBM bulletin confirms the vulnerability and specifies fixes: 7.2.0 -> 7.2.0...

7.5CVSS5AI score0.00378EPSS
CVE
CVE
added 2020/02/04 4:45 p.m.54 views

CVE-2019-4540

IBM Security Directory Server 6.4.0 is affected by CVE-2019-4540, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. The root cause is the use of weak encryption in the implementation, leading to potential confidentiality impact (C...

7.5CVSS7.2AI score0.00792EPSS
CVE
CVE
added 2020/02/04 4:45 p.m.54 views

CVE-2019-4550

IBM Security Directory Server 6.4.0 is affected by a vulnerability where active debugging code creates unintended entry points, enabling potential information exposure. The issue is documented across multiple sources (NVD entry CVE-2019-4550; CNVD-2020-04412) with a MEDIUM severity (CVSSv3.1 base...

5.3CVSS5.8AI score0.01067EPSS
CVE
CVE
added 2017/02/08 10:0 p.m.53 views

CVE-2015-1976

CVE-2015-1976 affects IBM Security Directory Server (including IBM Tivoli Directory Server) where an authenticated user could issue commands via the web administration tool, potentially crashing the tool. IBM’s bulletin lists affected versions up to 6.4.0.6 (and earlier 6.x line variants) and pro...

5.5CVSS5.6AI score0.00349EPSS
CVE
CVE
added 2016/07/15 6:0 p.m.50 views

CVE-2015-1977

CVE-2015-1977 describes a directory traversal in IBM Tivoli Directory Server (ITDS) and IBM Security Directory Server (ISDS) Web Administration, allowing a remote attacker to read arbitrary files via a URL containing .. sequences. Affected versions: ITDS 6.1.0.73 and earlier; 6.2.0.49 and earlier...

7.5CVSS7.3AI score0.01681EPSS
CVE
CVE
added 2020/02/04 4:45 p.m.44 views

CVE-2019-4541

CVE-2019-4541 affects IBM Security Directory Server 6.4.0, where incomplete blocklisting for input validation allows bypassing application controls and impacts system integrity. The issue is tied to 6.4.0 and has remediation in the IBM bulletin: upgrade to 6.4.0.20-ISS-ISDS-IF0020 (or later) to a...

7.2CVSS6.9AI score0.01316EPSS
CVE
CVE
added 2019/10/02 2:45 p.m.44 views

CVE-2019-4542

CVE-2019-4542 affects IBM Security Directory Server 6.4.0. The connected IBM bulletin confirms a cross-site scripting vulnerability in the Web UI of IBM Security Directory Server 6.4.0, potentially allowing an attacker to embed JavaScript in the UI and cause credential disclosure within a trusted...

6.1CVSS5.9AI score0.00901EPSS
CVE
CVE
added 2019/10/02 2:45 p.m.44 views

CVE-2019-4549

CVE-2019-4549 affects IBM Security Directory Server 6.4.0, where an information-disclosure vulnerability allows unauthorized access to sensitive data and could enable follow-on attacks. The issue is documented in IBM’s Security Bulletin (IBM Security Directory Server) and is tracked in multiple c...

5.3CVSS5.6AI score0.01312EPSS
CVE
CVE
added 2020/02/04 4:45 p.m.44 views

CVE-2019-4562

IBM Security Directory Server 6.4.0 is affected by a vulnerability where sensitive information is stored in URLs, potentially disclosed through server logs, Referer headers, or browser history. The issue is documented as CVE-2019-4562, with public details indicating an information disclosure risk...

5.3CVSS5.4AI score0.00981EPSS
CVE
CVE
added 2019/10/02 2:45 p.m.43 views

CVE-2019-4539

CVE-2019-4539 affects IBM Security Directory Server 6.4.0. The vulnerability stems from improper neutralization of XML elements, allowing an attacker to modify XML syntax/content/commands before processing. IBM’s bulletin for this product/version documents the issue and provides a remediation: up...

7.1CVSS7.1AI score0.0123EPSS
CVE
CVE
added 2020/02/04 4:45 p.m.43 views

CVE-2019-4551

IBM Security Directory Server (Product: IBM Security Directory Server, Version 6.4.0) is affected by CVE-2019-4551, where the product does not perform an authentication check for a critical resource or functionality, enabling anonymous users to access protected areas. The root cause is missing au...

5.3CVSS5.9AI score0.01278EPSS
CVE
CVE
added 2020/10/29 3:50 p.m.43 views

CVE-2019-4563

The vulnerability CVE-2019-4563 affects IBM Security Directory Server 6.4.0. The underlying issue is that authorization tokens and session cookies are not marked Secure, allowing an attacker to obtain cookie values by luring users to an http:// link or via a site the user visits, enabling traffic...

5.3CVSS4.8AI score0.00919EPSS
CVE
CVE
added 2019/10/02 2:45 p.m.42 views

CVE-2019-4520

CVE-2019-4520 affects IBM Security Directory Server 6.4.0, where an inadequate account lockout setting could allow a remote attacker to brute-force credentials. The IBM Security Bulletin confirms the issue and lists a fix: IBM Security Directory Server 6.4.0.19-ISS-ISDS-IF0019. Remediation is to ...

7.5CVSS7.3AI score0.02224EPSS
CVE
CVE
added 2020/10/29 3:50 p.m.41 views

CVE-2019-4547

CVE-2019-4547 affects IBM Security Directory Server 6.4.0. The vulnerability arises when the server generates an error message that reveals sensitive information about its environment, users, or data. The IBM bulletin identifies the affected product/version and provides a patch: 6.4.0.22-ISS-ISDS...

5.3CVSS5AI score0.01054EPSS
CVE
CVE
added 2020/02/04 4:45 p.m.37 views

CVE-2019-4548

IBM Security Directory Server 6.4.0 is affected by CVE-2019-4548, a clickjacking vulnerability that could allow a remote attacker to hijack a victim’s single-click action by enticing the user to visit a malicious website. The issue affects the affected product version 6.4.0 and can enable an atta...

6.1CVSS6.3AI score0.00897EPSS