5 matches found
CVE-2022-33162
Concisely: CVE-2022-33162 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0, where certain functionality that requires a provable user identity or consumes significant resources does not perform authentication, allowing access at unprivileged leve...
CVE-2022-33167
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 are affected by CVE-2022-33167 due to failure to set the HTTPOnly flag on cookies, enabling an remote attacker to read sensitive data from cookies. Affected products: IBM Security Directory Integrator 7.2....
CVE-2024-28771
CVE-2024-28771 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0, caused by not setting the secure attribute on authorization tokens or session cookies. This can allow cookie values to be exposed when a user is lured to or visits an http link, ena...
CVE-2024-28766
CVE-2024-28766 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0. The issue is an information disclosure in which sensitive directory contents could be exposed, potentially aiding further attacks. The connected IBM bulletin confirms affected produ...
CVE-2024-28770
Affected products: IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0. Root cause: missing secure attribute on authorization tokens/session cookies. Impact: cookies can be exposed via http links and traffic snooping, enabling session hijacking as described...