NotCVE - vendor:"IBM" product:"Security Verify Directory" version:" >= 10.0.0 <= 10.0.3"

8 results (0.005 seconds)

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-51450 – IBM Security Verify Directory Command Execution

https://notcve.org/view.php?id=CVE-2024-51450

06 Feb 2025 — IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. • https://www.ibm.com/support/pages/node/7182558 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-45650 – IBM Security Verify Directory denial of service

https://notcve.org/view.php?id=CVE-2024-45650

31 Jan 2025 — IBM Security Verify Directory 10.0 through 10.0.3 is vulnerable to a denial of service when sending an LDAP extended operation. • https://www.ibm.com/support/pages/node/7182169 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-32754 – IBM Security Verify Directory cross-site scripting

https://notcve.org/view.php?id=CVE-2022-32754

22 Mar 2024 — IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228445. IBM Security Verify Directory 10.0.0 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad... • https://exchange.xforce.ibmcloud.com/vulnerabilities/228445 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-32751 – IBM Security Verify Directory information disclosure

https://notcve.org/view.php?id=CVE-2022-32751

22 Mar 2024 — IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437. IBM Security Verify Directory 10.0.0 podría revelar información confidencial del servidor que podría usarse en futuros ataques contra el sistema. ID de IBM X-Force: 228437. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228437 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-32756 – IBM Security Verify Directory information disclosure

https://notcve.org/view.php?id=CVE-2022-32756

22 Mar 2024 — IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 228507. IBM Security Verify Directory 10.0.0 podría permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría usarse en futuros ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228507 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-32753 – IBM Security Verify Directory information disclosure

https://notcve.org/view.php?id=CVE-2022-32753

22 Mar 2024 — IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444. IBM Security Verify Directory 10.0.0 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 228444. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228444 • CWE-326: Inadequate Encryption Strength •

CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-32755 – IBM Security Directory Server external entity injection

https://notcve.org/view.php?id=CVE-2022-32755

14 Oct 2023 — IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505. IBM Security Directory Server 6.4.0 es vulnerable a un ataque de XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228505 • CWE-91: XML Injection (aka Blind XPath Injection) CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-33161 – IBM Security Directory Server information disclosure

https://notcve.org/view.php?id=CVE-2022-33161

14 Oct 2023 — IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569. IBM Security Directory Server 6.4.0 podría permitir que un atacante remoto obtenga información confidencial, causada por una falla al habilitar correctamente HTTP Strict Transport Security. Un atacante podrí... • https://exchange.xforce.ibmcloud.com/vulnerabilities/228569 • CWE-311: Missing Encryption of Sensitive Data •