CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51450 – IBM Security Verify Directory Command Execution
https://notcve.org/view.php?id=CVE-2024-51450
06 Feb 2025 — IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. • https://www.ibm.com/support/pages/node/7182558 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45650 – IBM Security Verify Directory denial of service
https://notcve.org/view.php?id=CVE-2024-45650
31 Jan 2025 — IBM Security Verify Directory 10.0 through 10.0.3 is vulnerable to a denial of service when sending an LDAP extended operation. • https://www.ibm.com/support/pages/node/7182169 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 2.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28766 – IBM Security Directory Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-28766
27 Jan 2025 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7161444 • CWE-548: Exposure of Information Through Directory Listing •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28770 – IBM Security Directory Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-28770
27 Jan 2025 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. • https://www.ibm.com/support/pages/node/7161444 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28771 – IBM Security Directory Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-28771
27 Jan 2025 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. • https://www.ibm.com/support/pages/node/7161444 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-33162 – IBM Directory Server buffer overflow
https://notcve.org/view.php?id=CVE-2022-33162
16 Aug 2024 — IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM X-Force ID: 228570. IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources, at the privilege level of a stan... • https://exchange.xforce.ibmcloud.com/vulnerabilities/228570 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-33167 – IBM Security Directory Integrator information disclosure
https://notcve.org/view.php?id=CVE-2022-33167
30 Jul 2024 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 228587. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228587 • CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28772 – IBM Security Directory Integrator cross-site scripting
https://notcve.org/view.php?id=CVE-2024-28772
25 Jul 2024 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645. • https://exchange.xforce.ibmcloud.com/vulnerabilities/285645 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32759 – IBM Security Directory Server information disclosure
https://notcve.org/view.php?id=CVE-2022-32759
25 Jul 2024 — IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228565 • CWE-613: Insufficient Session Expiration •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32754 – IBM Security Verify Directory cross-site scripting
https://notcve.org/view.php?id=CVE-2022-32754
22 Mar 2024 — IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228445. IBM Security Verify Directory 10.0.0 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad... • https://exchange.xforce.ibmcloud.com/vulnerabilities/228445 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •