CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33160 – IBM Security Directory Suite information disclosure
https://notcve.org/view.php?id=CVE-2022-33160
IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568. IBM Security Directory Suite 8.0.1 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 228568. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228568 https://www.ibm.com/support/pages/node/7047071 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32752 – IBM Security Directory Suite VA command execution
https://notcve.org/view.php?id=CVE-2022-32752
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 228439. IBM Security Directory Suite VA v8.0.1 a v8.0.1.19 podría permitir a un atacante remoto autenticado ejecutar comandos arbitrarios en el sistema enviando una solicitud especialmente manipulada. ID de IBM X-Force: 228439. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228439 https://www.ibm.com/support/pages/node/7001693 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32757 – IBM Security Directory Suite VA information disclosure
https://notcve.org/view.php?id=CVE-2022-32757
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 228510. IBM Security Directory Suite VA v8.0.1 a v8.0.1.19 utiliza una configuración de bloqueo de cuentas inadecuada que podría permitir a un atacante remoto forzar las credenciales de las cuentas. ID de IBM X-Force: 228510. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228510 https://www.ibm.com/support/pages/node/7001693 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33166 – IBM Security Directory Suite VA file upload
https://notcve.org/view.php?id=CVE-2022-33166
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586. IBM Security Directory Suite VA v8.0.1 a v8.0.1.19 podría permitir a un usuario con privilegios cargar archivos maliciosos con formatos peligrosos que pueden procesarse automáticamente en el entorno del producto. ID de IBM X-Force: 228586. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228586 https://www.ibm.com/support/pages/node/7001693 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33159 – IBM Security Directory Suite VA information disclosure
https://notcve.org/view.php?id=CVE-2022-33159
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567. IBM Security Directory Suite VA v8.0.1 a v8.0.1.19 almacena las credenciales de usuario en texto sin formato que puede leer un usuario autenticado. ID de IBM X-Force: 228567. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228567 https://www.ibm.com/support/pages/node/7001693 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •