CVE-2024-28772

all versions

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scr

6.8MEDIUM

CVE-2022-32759

all versions

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration w

5.3MEDIUM

CVE-2022-33161

all versions

IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to proper

5.3MEDIUM

CVE-2022-32755

all versions

IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A rem

5.5MEDIUM

CVE-2022-33164

all versions

IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a

8.7HIGH

CVE-2019-4563

all versions

IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be

5.3MEDIUM

CVE-2019-4547

all versions

IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, o

5.3MEDIUM

CVE-2019-4562

>= 6.4.0.0 and < 6.4.0.20

IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized

5.3MEDIUM

CVE-2019-4551

>= 6.4.0.0 and < 6.4.0.20

IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing ano

5.3MEDIUM

CVE-2019-4550

>= 6.4.0.0 and < 6.4.0.20

IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID

5.3MEDIUM

CVE-2019-4548

>= 6.4.0.0 and < 6.4.0.20

IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a vic

6.1MEDIUM

CVE-2019-4541

>= 6.4.0.0 and < 6.4.0.20

IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application

7.2HIGH

CVE-2019-4540

>= 6.4.0.0 and < 6.4.0.20

IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt hig

7.5HIGH

CVE-2019-4549

all versions

IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount fu

5.3MEDIUM

CVE-2019-4542

all versions

IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary Java

6.1MEDIUM

CVE-2019-4539

all versions

IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modi

7.1HIGH

CVE-2019-4538

all versions

IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By p

8.2HIGH

CVE-2019-4520

all versions

IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force a

7.5HIGH

CVE-2015-1976

>= 6.3.0.0 and <= 6.3.1.15

IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would ca

5.5MEDIUM

CVE-2015-1977

all versions

Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF

7.5HIGH

CVE-2014-6100

all versions

Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 b

CVE-2013-6747

all versions

IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM Security Directory Server (ISDS) and Tivoli Directory Serve