Lucene search
K
IbmSecurity Verify Directory Integrator

5 matches found

CVE
CVE
added 2024/08/16 6:33 p.m.73 views

CVE-2022-33162

Concisely: CVE-2022-33162 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0, where certain functionality that requires a provable user identity or consumes significant resources does not perform authentication, allowing access at unprivileged leve...

9.8CVSS7.8AI score0.0043EPSS
CVE
CVE
added 2024/07/30 5:5 p.m.65 views

CVE-2022-33167

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 are affected by CVE-2022-33167 due to failure to set the HTTPOnly flag on cookies, enabling an remote attacker to read sensitive data from cookies. Affected products: IBM Security Directory Integrator 7.2....

7.5CVSS3.7AI score0.00426EPSS
CVE
CVE
added 2025/01/27 1:12 a.m.52 views

CVE-2024-28771

CVE-2024-28771 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0, caused by not setting the secure attribute on authorization tokens or session cookies. This can allow cookie values to be exposed when a user is lured to or visits an http link, ena...

6.5CVSS4.9AI score0.00175EPSS
CVE
CVE
added 2025/01/27 1:14 a.m.49 views

CVE-2024-28766

CVE-2024-28766 affects IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0. The issue is an information disclosure in which sensitive directory contents could be exposed, potentially aiding further attacks. The connected IBM bulletin confirms affected produ...

7.5CVSS3.3AI score0.00303EPSS
CVE
CVE
added 2025/01/27 1:12 a.m.45 views

CVE-2024-28770

Affected products: IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0. Root cause: missing secure attribute on authorization tokens/session cookies. Impact: cookies can be exposed via http links and traffic snooping, enabling session hijacking as described...

6.5CVSS4.9AI score0.00175EPSS