CVSS: 2.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28766 – IBM Security Directory Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-28766
27 Jan 2025 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7161444 • CWE-548: Exposure of Information Through Directory Listing •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28770 – IBM Security Directory Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-28770
27 Jan 2025 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. • https://www.ibm.com/support/pages/node/7161444 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28771 – IBM Security Directory Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-28771
27 Jan 2025 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. • https://www.ibm.com/support/pages/node/7161444 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28767 – IBM Security Directory Integrator command execution
https://notcve.org/view.php?id=CVE-2024-28767
20 Dec 2024 — IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. • https://www.ibm.com/support/pages/node/7179558 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-33162 – IBM Directory Server buffer overflow
https://notcve.org/view.php?id=CVE-2022-33162
16 Aug 2024 — IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM X-Force ID: 228570. IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources, at the privilege level of a stan... • https://exchange.xforce.ibmcloud.com/vulnerabilities/228570 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-33167 – IBM Security Directory Integrator information disclosure
https://notcve.org/view.php?id=CVE-2022-33167
30 Jul 2024 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 228587. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228587 • CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28772 – IBM Security Directory Integrator cross-site scripting
https://notcve.org/view.php?id=CVE-2024-28772
25 Jul 2024 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645. • https://exchange.xforce.ibmcloud.com/vulnerabilities/285645 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32759 – IBM Security Directory Server information disclosure
https://notcve.org/view.php?id=CVE-2022-32759
25 Jul 2024 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228565 • CWE-613: Insufficient Session Expiration •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33165 – IBM Security Directory Server information disclosure
https://notcve.org/view.php?id=CVE-2022-33165
14 Oct 2023 — IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 228582. IBM Security Directory Server 6.4.0 podría permitir que un atacante remoto atraviese directorios del sistema. Un atacante podría enviar una solicitud URL especialmente manipulada que contenga secuencias de "puntos" (/../) para ver archivos arbitrarios... • https://exchange.xforce.ibmcloud.com/vulnerabilities/228582 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-33161 – IBM Security Directory Server information disclosure
https://notcve.org/view.php?id=CVE-2022-33161
14 Oct 2023 — IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569. IBM Security Directory Server 6.4.0 podría permitir que un atacante remoto obtenga información confidencial, causada por una falla al habilitar correctamente HTTP Strict Transport Security. Un atacante podrí... • https://exchange.xforce.ibmcloud.com/vulnerabilities/228569 • CWE-311: Missing Encryption of Sensitive Data •