10 matches found
CVE-2022-32755
CVE-2022-32755 affects IBM Security Directory Server 6.4.0. It is described as an XML External Entity (XXE) injection when processing XML data, enabling a remote attacker to expose sensitive information or cause memory/resource usage. Remediation referenced in the IBM bulletin: apply IBM Security...
CVE-2024-51450
CVE-2024-51450 – IBM Security Verify Directory Affected: IBM Security Verify Directory versions 10.0.0 through 10.0.3.Root cause: OS Command Injection vulnerability (CWE-78) allowing unintended command execution when a specially crafted request is processed.Impact: A remote authenticated attacker...
CVE-2022-32754
CVE-2022-32754 : IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting in the Web UI, allowing arbitrary JavaScript and potentially credential disclosure within a trusted session. IBM X-Force ID: 228445. Remediation: apply fixed releases (e.g., Verify Directory 10.0.3+; relat...
CVE-2022-33161
CVE-2022-33161 affects IBM Security Directory Server 6.4.0. The issue is caused by failure to properly enable HTTP Strict Transport Security, enabling an attacker to obtain sensitive information via man-in-the-middle over the network. Impact is information disclosure; published scores show MEDIUM...
CVE-2022-32753
CVE-2022-32753 affects IBM Security Verify Directory 10.0.0. The vulnerability arises from the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information (IBM X-Force ID: 228444). IBM's bulletin details the vulnerability in the Dire...
CVE-2024-45650
CVE-2024-45650 affects IBM Security Verify Directory 10.0 through 10.0.3. The vulnerability is a denial of service triggered by LDAP extended operations, caused by an issue in how unusual conditions are checked (per IBM’s description). The CVSS v3.1 base score is 7.5 (NETWORK attack vector, LOW c...
CVE-2022-32756
CVE-2022-32756 affects IBM Security Verify Directory 10.0.0. The vulnerability allows a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser, enabling information disclosure that could aid further attacks. The evidence and scores appea...
CVE-2022-32751
CVE-2022-32751 affects IBM Security Verify Directory (Directory/Verify Directory) at version 10.0.0, where an information-disclosure condition could allow an attacker to retrieve sensitive server data. The published IBM notices (Security Bulletin entries) corroborate that this vulnerability is as...
CVE-2025-1411
CVE-2025-1411 affects IBM Security Verify Directory Container versions 10.0.0.0–10.0.3.1. The root cause is execution with unnecessary privileges, allowing a local user to run commands as root. Affects the Directory Container and related components (verify-directory-server, -proxy, -webadmin, -vi...
CVE-2025-36074
CVE-2025-36074 affects IBM Security Verify Directory (Container) versions 10.0.0–10.0.0.3. The root cause is failure to validate file types during upload, enabling a privileged user to upload files that could be sent to victims for further attacks (CWE-434). The documented impact includes potenti...