CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32751 – IBM Security Verify Directory information disclosure
https://notcve.org/view.php?id=CVE-2022-32751
IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437. IBM Security Verify Directory 10.0.0 podría revelar información confidencial del servidor que podría usarse en futuros ataques contra el sistema. ID de IBM X-Force: 228437. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228437 https://www.ibm.com/support/pages/node/7145001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32756 – IBM Security Verify Directory information disclosure
https://notcve.org/view.php?id=CVE-2022-32756
IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 228507. IBM Security Verify Directory 10.0.0 podría permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría usarse en futuros ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228507 https://www.ibm.com/support/pages/node/7145001 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32753 – IBM Security Verify Directory information disclosure
https://notcve.org/view.php?id=CVE-2022-32753
IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444. IBM Security Verify Directory 10.0.0 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 228444. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228444 https://www.ibm.com/support/pages/node/7145001 • CWE-326: Inadequate Encryption Strength •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32755 – IBM Security Directory Server external entity injection
https://notcve.org/view.php?id=CVE-2022-32755
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505. IBM Security Directory Server 6.4.0 es vulnerable a un ataque de XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228505 https://www.ibm.com/support/pages/node/7047428 • CWE-91: XML Injection (aka Blind XPath Injection) CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-33161 – IBM Security Directory Server information disclosure
https://notcve.org/view.php?id=CVE-2022-33161
IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569. IBM Security Directory Server 6.4.0 podría permitir que un atacante remoto obtenga información confidencial, causada por una falla al habilitar correctamente HTTP Strict Transport Security. Un atacante podría aprovechar esta vulnerabilidad para obtener información confidencial utilizando técnicas de intermediario. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228569 https://www.ibm.com/support/pages/node/7047116 https://www.ibm.com/support/pages/node/7047428 • CWE-311: Missing Encryption of Sensitive Data •