
CVE-2022-32755 – IBM Security Directory Server external entity injection
https://notcve.org/view.php?id=CVE-2022-32755
14 Oct 2023 — IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228505 • CWE-91: XML Injection (aka Blind XPath Injection) CWE-611: Improper Restriction of XML External Entity Reference

CVE-2022-33161 – IBM Security Directory Server information disclosure
https://notcve.org/view.php?id=CVE-2022-33161
14 Oct 2023 — IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228569 • CWE-311: Missing Encryption of Sensitive Data

CVE-2022-33160 – IBM Security Directory Suite information disclosure
https://notcve.org/view.php?id=CVE-2022-33160
06 Oct 2023 — IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228568 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

CVE-2022-32752 – IBM Security Directory Suite VA command execution
https://notcve.org/view.php?id=CVE-2022-32752
15 Jun 2023 — IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 228439. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228439 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-32757 – IBM Security Directory Suite VA information disclosure
https://notcve.org/view.php?id=CVE-2022-32757
15 Jun 2023 — IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 228510. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228510 • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVE-2022-33166 – IBM Security Directory Suite VA file upload
https://notcve.org/view.php?id=CVE-2022-33166
15 Jun 2023 — IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228586 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2022-33159 – IBM Security Directory Suite VA information disclosure
https://notcve.org/view.php?id=CVE-2022-33159
15 Jun 2023 — IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228567 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information

CVE-2022-33168 – IBM Security Directory Suite VA denial of service
https://notcve.org/view.php?id=CVE-2022-33168
15 Jun 2023 — IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228588 • CWE-400: Uncontrolled Resource Consumption

CVE-2022-33163 – IBM Security Directory Suite VA information disclosure
https://notcve.org/view.php?id=CVE-2022-33163
15 Jun 2023 — IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228571 • CWE-732: Incorrect Permission Assignment for Critical Resource