Ibm Security Directory Server — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Security Directory Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2022-33164 — CVSS 8.7 (high): IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially…
CVE-2019-4538 — CVSS 8.2 (high): IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading…
CVE-2019-4520 — CVSS 7.5 (high): IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account…
CVE-2019-4540 — CVSS 7.5 (high): IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly…
CVE-2015-1977 — CVSS 7.5 (high): Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074…
CVE-2019-4541 — CVSS 7.2 (high): IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls…
CVE-2013-6747 — CVSS 7.1 (high): IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM Security Directory Server (ISDS) and Tivoli Directory Server (TDS)…
CVE-2019-4539 — CVSS 7.1 (high): IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the…
CVE-2024-28772 — CVSS 6.8 (medium): IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting…
CVE-2019-4542 — CVSS 6.1 (medium): IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2019-4548 — CVSS 6.1 (medium): IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to…
CVE-2022-32755 — CVSS 5.5 (medium): IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote…
CVE-2015-1976 — CVSS 5.5 (medium): IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the…
CVE-2019-4551 — CVSS 5.3 (medium): IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous…
CVE-2019-4563 — CVSS 5.3 (medium): IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to…
CVE-2022-32759 — CVSS 5.3 (medium): IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which…
CVE-2022-33161 — CVSS 5.3 (medium): IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable…
CVE-2019-4562 — CVSS 5.3 (medium): IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties…
CVE-2019-4547 — CVSS 5.3 (medium): IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or…
CVE-2019-4549 — CVSS 5.3 (medium): IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further…
CVE-2019-4550 — CVSS 5.3 (medium): IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952.
CVE-2014-6100 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before…