2 matches found
CVE-2022-32755
CVE-2022-32755 affects IBM Security Directory Server 6.4.0. It is described as an XML External Entity (XXE) injection when processing XML data, enabling a remote attacker to expose sensitive information or cause memory/resource usage. Remediation referenced in the IBM bulletin: apply IBM Security...
CVE-2022-33161
CVE-2022-33161 affects IBM Security Directory Server 6.4.0. The issue is caused by failure to properly enable HTTP Strict Transport Security, enabling an attacker to obtain sensitive information via man-in-the-middle over the network. Impact is information disclosure; published scores show MEDIUM...