CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32759 – IBM Security Directory Server information disclosure
https://notcve.org/view.php?id=CVE-2022-32759
25 Jul 2024 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228565 • CWE-613: Insufficient Session Expiration •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32754 – IBM Security Verify Directory cross-site scripting
https://notcve.org/view.php?id=CVE-2022-32754
22 Mar 2024 — IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228445. IBM Security Verify Directory 10.0.0 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad... • https://exchange.xforce.ibmcloud.com/vulnerabilities/228445 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32751 – IBM Security Verify Directory information disclosure
https://notcve.org/view.php?id=CVE-2022-32751
22 Mar 2024 — IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437. IBM Security Verify Directory 10.0.0 podría revelar información confidencial del servidor que podría usarse en futuros ataques contra el sistema. ID de IBM X-Force: 228437. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228437 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32756 – IBM Security Verify Directory information disclosure
https://notcve.org/view.php?id=CVE-2022-32756
22 Mar 2024 — IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 228507. IBM Security Verify Directory 10.0.0 podría permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría usarse en futuros ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228507 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32753 – IBM Security Verify Directory information disclosure
https://notcve.org/view.php?id=CVE-2022-32753
22 Mar 2024 — IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444. IBM Security Verify Directory 10.0.0 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 228444. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228444 • CWE-326: Inadequate Encryption Strength •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32755 – IBM Security Directory Server external entity injection
https://notcve.org/view.php?id=CVE-2022-32755
14 Oct 2023 — IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505. IBM Security Directory Server 6.4.0 es vulnerable a un ataque de XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228505 • CWE-91: XML Injection (aka Blind XPath Injection) CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-33161 – IBM Security Directory Server information disclosure
https://notcve.org/view.php?id=CVE-2022-33161
14 Oct 2023 — IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569. IBM Security Directory Server 6.4.0 podría permitir que un atacante remoto obtenga información confidencial, causada por una falla al habilitar correctamente HTTP Strict Transport Security. Un atacante podrí... • https://exchange.xforce.ibmcloud.com/vulnerabilities/228569 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22323
https://notcve.org/view.php?id=CVE-2022-22323
27 Apr 2022 — IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379. IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD versión 10.x) es vulnerable a una denegación de servicio, causada por un desbordamiento... • https://exchange.xforce.ibmcloud.com/vulnerabilities/218379 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22312
https://notcve.org/view.php?id=CVE-2022-22312
27 Apr 2022 — IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369. IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD versión 10.x) es vulnerable a una denegación de servicio, causada por un desbordamiento... • https://exchange.xforce.ibmcloud.com/vulnerabilities/217369 • CWE-787: Out-of-bounds Write •