7 matches found
CVE-2022-33160
CVE-2022-33160 affects IBM Security Directory Suite 8.0.1, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. The IBM security bulletin confirms the affected product/version and offers a fix: VA 8.0.1-ISS-ISDS-FP0021. Other connect...
CVE-2022-33168
CVE-2022-33168 affects IBM Security Directory Suite VA 8.0.1 and could cause a denial of service via uncontrolled resource consumption. The issue has a base score of 7.5 (HIGH) per IBM/X-Force data. Remediation is to apply the fixes listed by IBM: Directory Suite 8.0.1 Fixpack 21 (and related int...
CVE-2022-33163
CVE-2022-33163 affects IBM Security Directory Suite VA 8.0.1, where permissions on a security-critical resource permit read or modification by unintended actors. Public sources align on an information-disclosure/unauthorized-access risk with high impact to confidentiality and integrity (CVE descr...
CVE-2022-32757
IBM Security Directory Suite VA 8.0.1–8.0.1.19 is affected by an inadequate account lockout setting that could allow a remote attacker to brute-force credentials. The issue is tied to CVE-2022-32757 and is documented with a HIGH impact (CVSS v3.1 base score 7.5; Network attack vector, low attack ...
CVE-2022-33159
CVE-2022-33159 affects IBM Security Directory Suite VA 8.0.1–8.0.1.19, where user credentials are stored in plaintext readable by an authenticated user. Root cause is plaintext credential storage leading to information disclosure of sensitive credentials (confidentiality impact high; integrity/av...
CVE-2022-32752
CVE-2022-32752 affects IBM Security Directory Suite VA 8.0.1 through 8.0.1.19. A remote authenticated attacker can execute arbitrary commands on the system by sending a specially crafted request. IBM’s advisory and related sources identify the affected product and provide a fix: update to IBM Sec...
CVE-2022-33166
CVE-2022-33166 affects IBM Security Directory Suite VA 8.0.1–8.0.1.19. The issue allows a privileged user to upload malicious files of dangerous types that can be automatically processed within the product’s environment, as described by Red Hat and IBM advisories (X-Force ID: 228586). Root cause ...