CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33160 – IBM Security Directory Suite information disclosure
https://notcve.org/view.php?id=CVE-2022-33160
06 Oct 2023 — IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568. IBM Security Directory Suite 8.0.1 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 228568. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228568 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32752 – IBM Security Directory Suite VA command execution
https://notcve.org/view.php?id=CVE-2022-32752
15 Jun 2023 — IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 228439. IBM Security Directory Suite VA v8.0.1 a v8.0.1.19 podría permitir a un atacante remoto autenticado ejecutar comandos arbitrarios en el sistema enviando una solicitud especialmente manipulada. ID de IBM X-Force: 228439. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228439 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32757 – IBM Security Directory Suite VA information disclosure
https://notcve.org/view.php?id=CVE-2022-32757
15 Jun 2023 — IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 228510. IBM Security Directory Suite VA v8.0.1 a v8.0.1.19 utiliza una configuración de bloqueo de cuentas inadecuada que podría permitir a un atacante remoto forzar las credenciales de las cuentas. ID de IBM X-Force: 228510. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228510 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33166 – IBM Security Directory Suite VA file upload
https://notcve.org/view.php?id=CVE-2022-33166
15 Jun 2023 — IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586. IBM Security Directory Suite VA v8.0.1 a v8.0.1.19 podría permitir a un usuario con privilegios cargar archivos maliciosos con formatos peligrosos que pueden procesarse automáticamente en el entorno del producto. ID de IBM X-Force: 228586. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228586 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33159 – IBM Security Directory Suite VA information disclosure
https://notcve.org/view.php?id=CVE-2022-33159
15 Jun 2023 — IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567. IBM Security Directory Suite VA v8.0.1 a v8.0.1.19 almacena las credenciales de usuario en texto sin formato que puede leer un usuario autenticado. ID de IBM X-Force: 228567. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228567 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33168 – IBM Security Directory Suite VA denial of service
https://notcve.org/view.php?id=CVE-2022-33168
15 Jun 2023 — IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588. IBM Security Directory Suite VA v8.0.1 podría permitir a un atacante provocar una denegación de servicio debido al consumo incontrolado de recursos. ID de IBM X-Force: 228588. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228588 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33163 – IBM Security Directory Suite VA information disclosure
https://notcve.org/view.php?id=CVE-2022-33163
15 Jun 2023 — IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571. IBM Security Directory Suite VA v8.0.1 especifica permisos para un recurso crítico para la seguridad de una forma que permite que dicho recurso sea leído o modificado por actores no deseados. ID de IBM X-Force: 228571. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228571 • CWE-732: Incorrect Permission Assignment for Critical Resource •