CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Feb 2020 — IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165813 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Oct 2019 — IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165951 • CWE-922: Insecure Storage of Sensitive Information

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Oct 2019 — IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 165815. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165815 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Oct 2019 — IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165812 • CWE-91: XML Injection (aka Blind XPath Injection)

CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Oct 2019 — IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 165660. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165660 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Oct 2019 — IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165178 • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVSS: 5.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

08 Feb 2017 — IBM Security Directory Server could allow an authenticated user to execute commands in the web administration tool that would cause the tool to crash. • http://www.ibm.com/support/docview.wss?uid=swg21980585 • CWE-284: Improper Access Control

CVSS: 7.5 • EPSS: 0% • CPEs: 191 • EXPL: 0

15 Jul 2016 — Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. • http://www-01.ibm.com/support/docview.wss?uid=swg21986452 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.4 • EPSS: 0% • CPEs: 82 • EXPL: 0

19 Oct 2014 — Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. • http://secunia.com/advisories/61061 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 3% • CPEs: 8 • EXPL: 0

27 Jan 2014 — IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM Security Directory Server (ISDS) and Tivoli Directory Server (TDS), allows remote attackers to cause a denial of service (application crash or hang) via a malformed X.509 certificate chain. • http://osvdb.org/102556 • CWE-20: Improper Input Validation