CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33166 – IBM Security Directory Suite VA file upload
https://notcve.org/view.php?id=CVE-2022-33166
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586. IBM Security Directory Suite VA v8.0.1 a v8.0.1.19 podría permitir a un usuario con privilegios cargar archivos maliciosos con formatos peligrosos que pueden procesarse automáticamente en el entorno del producto. ID de IBM X-Force: 228586. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228586 https://www.ibm.com/support/pages/node/7001693 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33159 – IBM Security Directory Suite VA information disclosure
https://notcve.org/view.php?id=CVE-2022-33159
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567. IBM Security Directory Suite VA v8.0.1 a v8.0.1.19 almacena las credenciales de usuario en texto sin formato que puede leer un usuario autenticado. ID de IBM X-Force: 228567. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228567 https://www.ibm.com/support/pages/node/7001693 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33168 – IBM Security Directory Suite VA denial of service
https://notcve.org/view.php?id=CVE-2022-33168
IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588. IBM Security Directory Suite VA v8.0.1 podría permitir a un atacante provocar una denegación de servicio debido al consumo incontrolado de recursos. ID de IBM X-Force: 228588. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228588 https://www.ibm.com/support/pages/node/7001885 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33163 – IBM Security Directory Suite VA information disclosure
https://notcve.org/view.php?id=CVE-2022-33163
IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571. IBM Security Directory Suite VA v8.0.1 especifica permisos para un recurso crítico para la seguridad de una forma que permite que dicho recurso sea leído o modificado por actores no deseados. ID de IBM X-Force: 228571. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228571 https://www.ibm.com/support/pages/node/7001885 • CWE-732: Incorrect Permission Assignment for Critical Resource •