CVSS: 7.5 EPSS: 0% CPEs: 1 EXPL: 0

IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/165178 https://www.ibm.com/support/pages/node/1077045
• CWE-307: Improper Restriction of Excessive Authentication Attempts

CVSS: 5.5 EPSS: 0% CPEs: 6 EXPL: 0

IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash.
• http://www.ibm.com/support/docview.wss?uid=swg21980585 http://www.securityfocus.com/bid/90526
• CWE-284: Improper Access Control

CVSS: 7.5 EPSS: 0% CPEs: 191 EXPL: 0

Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
• http://www-01.ibm.com/support/docview.wss?uid=swg21986452
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 3.5 EPSS: 0% CPEs: 82 EXPL: 0

Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
• http://secunia.com/advisories/61061 http://www-01.ibm.com/support/docview.wss?uid=swg21686581 https://exchange.xforce.ibmcloud.com/vulnerabilities/96005
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.1 EPSS: 4% CPEs: 8 EXPL: 0

IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM Security Directory Server (ISDS) and Tivoli Directory Server (TDS), allows remote attackers to cause a denial of service (application crash or hang) via a malformed X.509 certificate chain.
• http://osvdb.org/102556 http://secunia.com/advisories/56698 http://secunia.com/advisories/56699 http://www-01.ibm.com/support/docview.wss?uid=swg21662902 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 http://www-01.ibm.com/support/docview.wss?uid=swg21676091 http://www-01.ibm.com/support/docview.wss?uid=swg21676092 http://www.securitytracker.com/id/1029687 https://exchange.xforce.ibmcloud.com/vulnerabilities/89863
• CWE-20: Improper Input Validation