Vulnerabilities related to ibm - security_directory_server
cve-2022-33164
Vulnerability from cvelistv5
Published
2023-09-08 19:58
Modified
2024-09-26 14:16
Summary
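IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579. [Note: the record's affected-product entry below names Security Directory Integrator 7.2.0 rather than Security Directory Server, and its CVSS 3.1 vector rates integrity impact as NONE although the description mentions writing files; confirm the affected product and impact against the vendor advisory before scoping remediation.]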
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7031021 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/228579 | vdb-entry |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Security Directory Integrator | 7.2.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:01:20.375Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7031021" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228579" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-33164", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T14:16:06.739985Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T14:16:29.565Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Security Directory Integrator", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.2.0" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579." } ], "value": "IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-08T19:58:51.729Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7031021" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228579" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Security Directory Server path traversal", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-33164", "datePublished": "2023-09-08T19:58:51.729Z", "dateReserved": "2022-06-13T16:18:00.247Z", "dateUpdated": "2024-09-26T14:16:29.565Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-6100
Vulnerability from cvelistv5
Published
2014-10-19 01:00
Modified
2024-08-06 12:03
Summary
Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/96005 | vdb-entry, x_refsource_XF | |
http://www-01.ibm.com/support/docview.wss?uid=swg21686581 | x_refsource_CONFIRM | |
http://secunia.com/advisories/61061 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:03:02.326Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-sds-cve20146100-xss(96005)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96005" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686581" }, { "name": "61061", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61061" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-sds-cve20146100-xss(96005)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96005" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686581" }, { "name": "61061", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61061" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-6100", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-sds-cve20146100-xss(96005)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96005" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686581", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686581" }, { "name": "61061", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61061" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-6100", "datePublished": "2014-10-19T01:00:00", "dateReserved": "2014-09-02T00:00:00", "dateUpdated": "2024-08-06T12:03:02.326Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6747
Vulnerability from cvelistv5
Published
2014-01-27 16:00
Modified
2024-08-06 17:46
Summary
IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM Security Directory Server (ISDS) and Tivoli Directory Server (TDS), allows remote attackers to cause a denial of service (application crash or hang) via a malformed X.509 certificate chain.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/89863 | vdb-entry, x_refsource_XF | |
http://www-01.ibm.com/support/docview.wss?uid=swg21676092 | x_refsource_CONFIRM | |
http://secunia.com/advisories/56698 | third-party-advisory, x_refsource_SECUNIA | |
http://osvdb.org/102556 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/56699 | third-party-advisory, x_refsource_SECUNIA | |
http://www-01.ibm.com/support/docview.wss?uid=swg21662902 | x_refsource_CONFIRM | |
http://www-01.ibm.com/support/docview.wss?uid=swg21676091 | x_refsource_CONFIRM | |
http://www-01.ibm.com/support/docview.wss?uid=swg21669554 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1029687 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:46:23.659Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-gskit-cve20136747-cert-chain(89863)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89863" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092" }, { "name": "56698", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56698" }, { "name": "102556", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102556" }, { "name": "56699", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56699" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21662902" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554" }, { "name": "1029687", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029687" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-24T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM Security Directory Server (ISDS) and Tivoli Directory Server (TDS), allows remote attackers to cause a denial of service (application crash or hang) via a malformed X.509 certificate chain." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-gskit-cve20136747-cert-chain(89863)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89863" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092" }, { "name": "56698", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56698" }, { "name": "102556", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102556" }, { "name": "56699", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56699" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21662902" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554" }, { "name": "1029687", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029687" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-6747", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM Security Directory Server (ISDS) and Tivoli Directory Server (TDS), allows remote attackers to cause a denial of service (application crash or hang) via 
a malformed X.509 certificate chain." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-gskit-cve20136747-cert-chain(89863)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89863" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092" }, { "name": "56698", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56698" }, { "name": "102556", "refsource": "OSVDB", "url": "http://osvdb.org/102556" }, { "name": "56699", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56699" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21662902", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21662902" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554" }, { "name": "1029687", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029687" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-6747", "datePublished": "2014-01-27T16:00:00", "dateReserved": "2013-11-08T00:00:00", "dateUpdated": "2024-08-06T17:46:23.659Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4520
Vulnerability from cvelistv5
Published
2019-10-02 14:45
Modified
2024-09-17 03:18
Summary
IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/1077045 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/165178 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Security Directory Server | 6.4.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:47.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1077045" }, { "name": "ibm-sds-cve20194520-info-disc (165178)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165178" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Directory Server", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.4.0" } ] } ], "datePublic": "2019-10-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/UI:N/PR:N/A:N/I:N/AV:N/S:U/C:H/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-02T14:45:28", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1077045" }, { "name": "ibm-sds-cve20194520-info-disc (165178)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/165178" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-10-01T00:00:00", "ID": "CVE-2019-4520", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Directory Server", "version": { "version_data": [ { "version_value": "6.4.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1077045", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1077045 (Security Directory Server)", "url": "https://www.ibm.com/support/pages/node/1077045" }, { "name": "ibm-sds-cve20194520-info-disc (165178)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165178" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4520", "datePublished": "2019-10-02T14:45:28.645484Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T03:18:11.466Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32759
Vulnerability from cvelistv5
Published
2024-07-25 17:11
Modified
2024-08-03 07:46
Summary
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7161446 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/228565 | vdb-entry |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Security Directory Integrator | 7.2.0; cpe:2.3:a:ibm:security_verify_directory:10.0.0:*:*:*:*:*:*:*, cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2022-32759", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-26T14:51:28.734617Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-26T14:52:31.126Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T07:46:44.968Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7161446" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228565" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:security_verify_directory:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Security Directory Integrator", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.2.0" } ] }, { "defaultStatus": "unaffected", "product": "Security Verify Directory Integrator", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.0.0" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Vince Dragnea, Troy Fisher, Gabor Minyo, Geoffrey Owden, Ben Goodspeed" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565." 
} ], "value": "IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-25T17:11:44.253Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7161446" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228565" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Security Directory Server information disclosure", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-32759", "datePublished": "2024-07-25T17:11:44.253Z", "dateReserved": "2022-06-09T15:49:18.233Z", "dateUpdated": "2024-08-03T07:46:44.968Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4562
Vulnerability from cvelistv5
Published
2020-02-04 16:45
Modified
2024-09-16 16:14
Summary
IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/1288660 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/166623 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Security Directory Server | 6.4.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:48.248Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1288660" }, { "name": "ibm-sds-cve20194562-info-disc (166623)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166623" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Directory Server", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.4.0" } ] } ], "datePublic": "2020-02-03T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.2, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:L/UI:N/PR:N/S:U/AV:N/AC:H/I:N/A:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-04T16:45:36", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1288660" }, { "name": "ibm-sds-cve20194562-info-disc (166623)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/166623" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-02-03T00:00:00", "ID": "CVE-2019-4562", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Directory Server", "version": { "version_data": [ { "version_value": "6.4.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1288660", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1288660 (Security Directory Server)", "url": "https://www.ibm.com/support/pages/node/1288660" }, { "name": "ibm-sds-cve20194562-info-disc (166623)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166623" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4562", "datePublished": "2020-02-04T16:45:36.794608Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T16:14:16.596Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4541
Vulnerability from cvelistv5
Published
2020-02-04 16:45
Modified
2024-09-17 04:05
Summary
IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 165814.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/1288660 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/165814 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Security Directory Server | 6.4.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:47.604Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1288660" }, { "name": "ibm-sds-cve20194541-sec-bypass (165814)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165814" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Directory Server", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.4.0" } ] } ], "datePublic": "2020-02-03T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 165814." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:H/S:U/UI:N/C:H/I:N/A:H/AV:N/AC:L/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Bypass Security", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-04T16:45:34", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1288660" }, { "name": "ibm-sds-cve20194541-sec-bypass (165814)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/165814" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-02-03T00:00:00", "ID": "CVE-2019-4541", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Directory Server", "version": { "version_data": [ { "version_value": "6.4.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 165814." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "H", "I": "N", "PR": "H", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Bypass Security" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1288660", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1288660 (Security Directory Server)", "url": "https://www.ibm.com/support/pages/node/1288660" }, { "name": "ibm-sds-cve20194541-sec-bypass (165814)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165814" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4541", "datePublished": "2020-02-04T16:45:35.031509Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T04:05:01.708Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28772
Vulnerability from cvelistv5
Published
2024-07-25 17:18
Modified
2024-08-02 00:56
Summary
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7161448 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/285645 | vdb-entry |
Impacted products
| Vendor | Product | Version | CPE |
|---|---|---|---|
| IBM | Security Directory Integrator | 7.2.0 | `cpe:2.3:a:ibm:security_verify_directory:10.0.0:*:*:*:*:*:*:*` `cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*` |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28772", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-26T14:01:09.300896Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-26T14:01:17.662Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:56:58.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7161448" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285645" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:security_verify_directory:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Security Directory Integrator", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.2.0" } ] }, { "defaultStatus": "unaffected", "product": "Security Verify Directory Integrator", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.0.0" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Vince Dragnea, Troy Fisher, Gabor Minyo, Geoffrey Owden, Ben Goodspeed" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645." } ], "value": "IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-25T17:18:40.388Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7161448" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285645" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Security Directory Integrator cross-site scripting", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-28772", "datePublished": "2024-07-25T17:18:40.388Z", "dateReserved": 
"2024-03-10T12:23:11.489Z", "dateUpdated": "2024-08-02T00:56:58.371Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32755
Vulnerability from cvelistv5
Published
2023-10-14 14:25
Modified
2024-09-17 16:23
Summary
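IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505.
Note: the CNA entry in the record below tags this as CWE-91 (XML Injection), not CWE-611 (Improper Restriction of XML External Entity Reference), so a CWE-611 filter will miss it.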
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7047428 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/228505 | vdb-entry |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Security Directory Server | 6.4.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:46:45.165Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7047428" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228505" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-32755", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-17T16:23:51.338847Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-17T16:23:59.115Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Security Directory Server", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.4.0" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505." } ], "value": "IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-91", "description": "CWE-91 XML Injection (aka Blind XPath Injection)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-14T14:25:43.482Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7047428" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228505" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Security Directory Server external entity injection", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-32755", "datePublished": "2023-10-14T14:25:43.482Z", "dateReserved": "2022-06-09T15:49:18.232Z", "dateUpdated": "2024-09-17T16:23:59.115Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4549
Vulnerability from cvelistv5
Published
2019-10-02 14:45
Modified
2024-09-16 22:36
Summary
IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/1077045 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/165951 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Security Directory Server | 6.4.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:48.734Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1077045" }, { "name": "ibm-sds-cve20194549-info-disc (165951)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165951" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Directory Server", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.4.0" } ] } ], "datePublic": "2019-10-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/AC:L/S:U/C:L/AV:N/I:N/PR:N/A:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-02T14:45:30", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1077045" }, { "name": "ibm-sds-cve20194549-info-disc (165951)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/165951" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-10-01T00:00:00", "ID": "CVE-2019-4549", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Directory Server", "version": { "version_data": [ { "version_value": "6.4.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1077045", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1077045 (Security Directory Server)", "url": "https://www.ibm.com/support/pages/node/1077045" }, { "name": "ibm-sds-cve20194549-info-disc (165951)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165951" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4549", "datePublished": "2019-10-02T14:45:30.435064Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T22:36:36.724Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4539
Vulnerability from cvelistv5
Published
2019-10-02 14:45
Modified
2024-09-17 00:35
Summary
IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/1077045 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/165812 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Security Directory Server | 6.4.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:47.350Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1077045" }, { "name": "ibm-sds-cve20194539-xml-injection (165812)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165812" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Directory Server", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.4.0" } ] } ], "datePublic": "2019-10-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:L/A:H/I:L/AV:N/S:U/C:N/AC:L/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-02T14:45:29", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1077045" }, { "name": "ibm-sds-cve20194539-xml-injection (165812)", "tags": [ "vdb-entry", 
"x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165812" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-10-01T00:00:00", "ID": "CVE-2019-4539", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Directory Server", "version": { "version_data": [ { "version_value": "6.4.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "N", "I": "L", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1077045", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1077045 (Security Directory Server)", "url": "https://www.ibm.com/support/pages/node/1077045" }, { "name": "ibm-sds-cve20194539-xml-injection (165812)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165812" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4539", "datePublished": "2019-10-02T14:45:29.486636Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T00:35:34.193Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-1977
Vulnerability from cvelistv5
Published
2016-07-15 18:00
Modified
2024-08-06 05:02
Summary
Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
References
| URL | Tags |
|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21986452 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T05:02:42.885Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986452" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-07-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-07-15T17:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986452" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-1977", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM 
Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21986452", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986452" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-1977", "datePublished": "2016-07-15T18:00:00", "dateReserved": "2015-02-19T00:00:00", "dateUpdated": "2024-08-06T05:02:42.885Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4540
Vulnerability from cvelistv5
Published
2020-02-04 16:45
Modified
2024-09-16 22:52
Summary
IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/1288660 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/165813 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Security Directory Server | 6.4.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:47.299Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1288660" }, { "name": "ibm-sds-cve20194540-info-disc (165813)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165813" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Directory Server", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.4.0" } ] } ], "datePublic": "2020-02-03T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/I:N/A:N/UI:N/C:H/S:U/PR:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-04T16:45:34", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1288660" }, { "name": "ibm-sds-cve20194540-info-disc (165813)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/165813" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-02-03T00:00:00", "ID": "CVE-2019-4540", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Directory Server", "version": { "version_data": [ { "version_value": "6.4.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1288660", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1288660 (Security Directory Server)", "url": "https://www.ibm.com/support/pages/node/1288660" }, { "name": "ibm-sds-cve20194540-info-disc (165813)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165813" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4540", "datePublished": "2020-02-04T16:45:34.586430Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T22:52:11.808Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-1976
Vulnerability from cvelistv5
Published
2017-02-08 22:00
Modified
2024-08-06 05:02
Summary
IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/90526 | vdb-entry, x_refsource_BID |
| http://www.ibm.com/support/docview.wss?uid=swg21980585 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM Corporation | Directory Server | 6.1, 6.2, 6.3, 6.3.1, 6.0, 6.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T05:02:42.937Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "90526", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/90526" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21980585" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Directory Server", "vendor": "IBM Corporation", "versions": [ { "status": "affected", "version": "6.1" }, { "status": "affected", "version": "6.2" }, { "status": "affected", "version": "6.3" }, { "status": "affected", "version": "6.3.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.4" } ] } ], "datePublic": "2016-04-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-02-09T10:57:02", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "90526", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/90526" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21980585" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-1976", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Directory Server", "version": { "version_data": [ { "version_value": "6.1" }, { "version_value": "6.2" }, { "version_value": "6.3" }, { "version_value": "6.3.1" }, { "version_value": "6.0" }, { "version_value": "6.4" } ] } } ] }, "vendor_name": "IBM Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "90526", "refsource": "BID", "url": "http://www.securityfocus.com/bid/90526" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21980585", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21980585" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-1976", "datePublished": "2017-02-08T22:00:00", "dateReserved": "2015-02-19T00:00:00", "dateUpdated": "2024-08-06T05:02:42.937Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4550
Vulnerability from cvelistv5
Published
2020-02-04 16:45
Modified
2024-09-17 00:40
Summary
IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952.
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/1288660 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/165952 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Security Directory Server | 6.4.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:47.603Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1288660" }, { "name": "ibm-sds-cve20194550-info-disc (165952)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165952" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Directory Server", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.4.0" } ] } ], "datePublic": "2020-02-03T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:L/UI:N/PR:N/S:U/AV:N/AC:L/I:N/A:N/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-04T16:45:35", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1288660" }, { "name": "ibm-sds-cve20194550-info-disc (165952)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165952" } ], "x_legacyV4Record": { 
"CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-02-03T00:00:00", "ID": "CVE-2019-4550", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Directory Server", "version": { "version_data": [ { "version_value": "6.4.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1288660", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1288660 (Security Directory Server)", "url": "https://www.ibm.com/support/pages/node/1288660" }, { "name": "ibm-sds-cve20194550-info-disc (165952)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165952" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4550", "datePublished": "2020-02-04T16:45:35.901052Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T00:40:54.061Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4551
Vulnerability from cvelistv5
Published
2020-02-04 16:45
Modified
2024-09-16 23:46
Severity: 5.3 MEDIUM (CVSS 3.0 base score from the CNA record; temporal score 4.6 MEDIUM)
EPSS score ?
Summary
IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/1288660 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/165953 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Security Directory Server |
Version: 6.4.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:47.363Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1288660" }, { "name": "ibm-sds-cve20194551-info-disc (165953)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165953" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Directory Server", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.4.0" } ] } ], "datePublic": "2020-02-03T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:L/UI:N/PR:N/S:U/AV:N/AC:L/A:N/I:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-04T16:45:36", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1288660" }, { "name": "ibm-sds-cve20194551-info-disc (165953)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/165953" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-02-03T00:00:00", "ID": "CVE-2019-4551", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Directory Server", "version": { "version_data": [ { "version_value": "6.4.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1288660", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1288660 (Security Directory Server)", "url": "https://www.ibm.com/support/pages/node/1288660" }, { "name": "ibm-sds-cve20194551-info-disc (165953)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165953" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4551", "datePublished": "2020-02-04T16:45:36.361976Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T23:46:52.622Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4542
Vulnerability from cvelistv5
Published
2019-10-02 14:45
Modified
2024-09-16 21:02
Severity: 6.1 MEDIUM (CVSS 3.0 base score from the CNA record; temporal score 5.8 MEDIUM)
EPSS score ?
Summary
IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 165815.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/1077045 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/165815 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Security Directory Server |
Version: 6.4.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:47.608Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1077045" }, { "name": "ibm-sds-cve20194542-xss (165815)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165815" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Directory Server", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.4.0" } ] } ], "datePublic": "2019-10-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 165815." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.8, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/PR:N/A:N/I:L/AV:N/S:C/C:L/AC:L/UI:R/E:H/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-02T14:45:29", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1077045" }, { "name": "ibm-sds-cve20194542-xss (165815)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165815" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-10-01T00:00:00", "ID": "CVE-2019-4542", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Directory Server", "version": { "version_data": [ { "version_value": "6.4.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 165815." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "N", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1077045", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1077045 (Security Directory Server)", "url": "https://www.ibm.com/support/pages/node/1077045" }, { "name": "ibm-sds-cve20194542-xss (165815)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165815" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4542", "datePublished": "2019-10-02T14:45:29.955440Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T21:02:18.589Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4548
Vulnerability from cvelistv5
Published
2020-02-04 16:45
Modified
2024-09-16 22:51
Severity: 6.1 MEDIUM (CVSS 3.0 base score from the CNA record; temporal score 5.3 MEDIUM)
EPSS score ?
Summary
IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 165950.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/1288660 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/165950 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Security Directory Server |
Version: 6.4.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:47.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1288660" }, { "name": "ibm-sds-cve20194548-clickjacking (165950)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165950" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Directory Server", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.4.0" } ] } ], "datePublic": "2020-02-03T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 165950." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.3, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/PR:N/S:C/UI:R/C:L/A:N/I:L/AC:L/AV:N/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-04T16:45:35", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1288660" }, { "name": "ibm-sds-cve20194548-clickjacking (165950)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165950" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-02-03T00:00:00", "ID": "CVE-2019-4548", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Directory Server", "version": { "version_data": [ { "version_value": "6.4.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 165950." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "N", "S": "C", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1288660", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1288660 (Security Directory Server)", "url": "https://www.ibm.com/support/pages/node/1288660" }, { "name": "ibm-sds-cve20194548-clickjacking (165950)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165950" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4548", "datePublished": "2020-02-04T16:45:35.465835Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T22:51:24.581Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4563
Vulnerability from cvelistv5
Published
2020-10-29 15:50
Modified
2024-09-16 19:46
Severity: 3.7 LOW (CVSS 3.0 base score from the CNA record; temporal score 3.2 LOW)
EPSS score ?
Summary
IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 166624.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6356607 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/166624 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Security Directory Server |
Version: 6.4.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:47.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6356607" }, { "name": "ibm-sds-cve20194563-info-disc (166624)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166624" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Directory Server", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.4.0" } ] } ], "datePublic": "2020-10-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 166624." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.2, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:N/AV:N/C:L/A:N/UI:N/AC:H/S:U/PR:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-29T15:50:32", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6356607" }, { "name": "ibm-sds-cve20194563-info-disc (166624)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166624" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-10-28T00:00:00", "ID": "CVE-2019-4563", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Directory Server", "version": { "version_data": [ { "version_value": "6.4.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 166624." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6356607", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6356607 (Security Directory Server)", "url": "https://www.ibm.com/support/pages/node/6356607" }, { "name": "ibm-sds-cve20194563-info-disc (166624)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166624" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4563", "datePublished": "2020-10-29T15:50:32.339921Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T19:46:25.590Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4547
Vulnerability from cvelistv5
Published
2020-10-29 15:50
Modified
2024-09-17 03:48
Severity: 5.3 MEDIUM (CVSS 3.0 base score from the CNA record; temporal score 4.6 MEDIUM)
EPSS score ?
Summary
IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6356607 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/165949 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Security Directory Server |
Version: 6.4.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:47.465Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6356607" }, { "name": "ibm-sds-cve20194547-info-disc (165949)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165949" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Directory Server", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.4.0" } ] } ], "datePublic": "2020-10-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/AC:L/A:N/UI:N/S:U/I:N/AV:N/C:L/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-29T15:50:31", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6356607" }, { "name": "ibm-sds-cve20194547-info-disc (165949)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/165949" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-10-28T00:00:00", "ID": "CVE-2019-4547", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Directory Server", "version": { "version_data": [ { "version_value": "6.4.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6356607", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6356607 (Security Directory Server)", "url": "https://www.ibm.com/support/pages/node/6356607" }, { "name": "ibm-sds-cve20194547-info-disc (165949)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165949" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4547", "datePublished": "2020-10-29T15:50:31.919460Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T03:48:21.177Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-4538
Vulnerability from cvelistv5
Published
2019-10-02 14:45
Modified
2024-09-16 18:39
Severity: 7.4 HIGH (CVSS 3.0 base score from the CNA record; temporal score 6.4 MEDIUM)
EPSS score ?
Summary
IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 165660.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/1077045 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/165660 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Security Directory Server |
Version: 6.4.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:47.373Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1077045" }, { "name": "ibm-sds-cve20194538-open-redirect (165660)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165660" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Security Directory Server", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.4.0" } ] } ], "datePublic": "2019-10-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 165660." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 6.4, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/PR:N/A:N/I:H/AV:N/S:C/C:N/AC:L/UI:R/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-02T14:45:28", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1077045" }, { "name": "ibm-sds-cve20194538-open-redirect (165660)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165660" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-10-01T00:00:00", "ID": "CVE-2019-4538", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Security Directory Server", "version": { "version_data": [ { "version_value": "6.4.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. 
This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 165660." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "N", "I": "H", "PR": "N", "S": "C", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1077045", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1077045 (Security Directory Server)", "url": "https://www.ibm.com/support/pages/node/1077045" }, { "name": "ibm-sds-cve20194538-open-redirect (165660)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165660" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4538", "datePublished": "2019-10-02T14:45:29.063624Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T18:39:34.799Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-33161
Vulnerability from cvelistv5
Published
2023-10-14 14:14
Modified
2024-09-16 20:11
Severity: 5.3 MEDIUM (CVSS 3.1 base score from the CNA record)
EPSS score ?
Summary
IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7047116 | vendor-advisory | |
https://www.ibm.com/support/pages/node/7047428 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/228569 | vdb-entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Security Directory Server |
Version: 6.4.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:01:20.219Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7047116" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7047428" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228569" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-33161", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-16T20:10:46.046704Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-16T20:11:01.240Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Security Directory Server", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.4.0" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569." } ], "value": "IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-311", "description": "CWE-311 Missing Encryption of Sensitive Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-14T14:14:04.692Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7047116" }, { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7047428" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228569" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Security Directory Server information disclosure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-33161", "datePublished": "2023-10-14T14:14:04.692Z", "dateReserved": "2022-06-13T16:18:00.246Z", "dateUpdated": "2024-09-16T20:11:01.240Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2014-01-27 16:55
Modified
2024-11-21 01:59
Severity ?
7.1 (High) - CVSS v2 AV:N/AC:M/Au:N/C:N/I:N/A:C (nvd@nist.gov, Primary)
Summary
IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM Security Directory Server (ISDS) and Tivoli Directory Server (TDS), allows remote attackers to cause a denial of service (application crash or hang) via a malformed X.509 certificate chain.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | global_security_kit | 8.5 | |
ibm | global_security_kit | 7.0 | |
ibm | global_security_kit | 7.0.4.28 | |
ibm | global_security_kit | 7.0.4.29 | |
ibm | global_security_kit | 8.0 | |
ibm | global_security_kit | 8.0.13 | |
ibm | security_directory_server | - | |
ibm | tivoli_directory_server | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:global_security_kit:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "6EF70503-E817-4C61-9D3C-DC1DD686E26F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:global_security_kit:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "A35B7413-2886-47B7-B24B-0A110EC5235F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:global_security_kit:7.0.4.28:*:*:*:*:*:*:*", "matchCriteriaId": "2FD561AD-2421-4AA6-B3C5-6536F6933526", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:global_security_kit:7.0.4.29:*:*:*:*:*:*:*", "matchCriteriaId": "00E509BA-4B47-4EDE-86DC-2E666D2D74E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:global_security_kit:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "93634D15-AB7C-412E-8F16-93D44FC9FA20", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:global_security_kit:8.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "06AB7743-1AA2-4726-B96F-D98C2815BA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "8B3AF8C4-B43B-48D7-8A73-A670E90E20C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF51C894-8EE2-46CA-B625-32EC718C3DE7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM Security Directory Server (ISDS) and Tivoli Directory Server (TDS), allows remote attackers to cause a denial of service (application crash or hang) via a malformed X.509 certificate chain." 
}, { "lang": "es", "value": "IBM GSKit 7.x anterior a la versi\u00f3n 7.0.4.48 y 8.x anterior a 8.0.50.16, tal como se usa en IBM Security Directory Server (ISDS) y Tivoli Directory Server (TDS), permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n o cuelgue) a trav\u00e9s de una cadena de certificados." } ], "id": "CVE-2013-6747", "lastModified": "2024-11-21T01:59:39.440", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-01-27T16:55:04.287", "references": [ { "source": "psirt@us.ibm.com", "url": "http://osvdb.org/102556" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/56698" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/56699" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21662902" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1029687" }, { "source": "psirt@us.ibm.com", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/89863" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/102556" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/56698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/56699" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21662902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1029687" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89863" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-14 15:15
Modified
2024-11-21 07:07
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N (psirt@us.ibm.com, Secondary)
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N (nvd@nist.gov, Primary)
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/228569 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7047116 | Patch, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7047428 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/228569 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7047116 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7047428 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | security_directory_integrator | 7.2.0 | |
ibm | security_directory_server | 6.4.0.0 | |
ibm | security_directory_suite | 8.0.1 | |
ibm | security_verify_directory | 10.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "65A1A95C-1687-4304-88C5-1BEB58BBC8DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "24A76D30-88CD-418A-BEA2-BAD93A892FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_suite:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F41F379B-77B9-4D07-AF10-14C4A000ECA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_verify_directory:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "213D3285-0B6B-49AD-81C2-7265F3349B09", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569." }, { "lang": "es", "value": "IBM Security Directory Server 6.4.0 podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n confidencial, causada por una falla al habilitar correctamente HTTP Strict Transport Security. Un atacante podr\u00eda aprovechar esta vulnerabilidad para obtener informaci\u00f3n confidencial utilizando t\u00e9cnicas de intermediario. ID de IBM X-Force: 228569." 
} ], "id": "CVE-2022-33161", "lastModified": "2024-11-21T07:07:37.533", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-14T15:15:09.723", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228569" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047116" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047428" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228569" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047428" } ], 
"sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-311" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-311" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-04 17:15
Modified
2024-11-21 04:43
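Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (nvd@nist.gov, Primary)
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (psirt@us.ibm.com, Secondary)
5.0 (Medium) - CVSS v2 AV:N/AC:L/Au:N/C:P/I:N/A:N (nvd@nist.gov, Primary)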
Summary
IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | security_directory_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A3E5963-1D46-4070-87A8-2996B2C8F032", "versionEndExcluding": "6.4.0.20", "versionStartIncluding": "6.4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953." }, { "lang": "es", "value": "IBM Security Directory Server versi\u00f3n 6.4.0, no realiza una comprobaci\u00f3n de autenticaci\u00f3n para un recurso cr\u00edtico o funcionalidad, permitiendo a usuarios an\u00f3nimos acceder a \u00e1reas protegidas. ID de IBM X-Force: 165953." } ], "id": "CVE-2019-4551", "lastModified": "2024-11-21T04:43:43.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], 
"cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-04T17:15:12.717", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165953" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1288660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165953" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1288660" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-14 15:15
Modified
2024-11-21 07:06
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H (psirt@us.ibm.com, Secondary)
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H (nvd@nist.gov, Primary)
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/228505 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7047428 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/228505 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7047428 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | security_directory_server | 6.4.0.0 | |
ibm | security_directory_suite | 8.0.1 | |
ibm | security_verify_directory | 10.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "24A76D30-88CD-418A-BEA2-BAD93A892FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_suite:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F41F379B-77B9-4D07-AF10-14C4A000ECA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_verify_directory:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "213D3285-0B6B-49AD-81C2-7265F3349B09", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505." }, { "lang": "es", "value": "IBM Security Directory Server 6.4.0 es vulnerable a un ataque de XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para exponer informaci\u00f3n confidencial o consumir recursos de memoria. ID de IBM X-Force: 228505." 
} ], "id": "CVE-2022-32755", "lastModified": "2024-11-21T07:06:53.963", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 4.2, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-14T15:15:09.643", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228505" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047428" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7047428" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-91" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-25 18:15
Modified
2024-11-21 09:06
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N (psirt@us.ibm.com, Secondary)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov, Primary)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | security_directory_integrator | 7.2.0 | |
ibm | security_directory_server | - | |
ibm | security_verify_access | 10.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "65A1A95C-1687-4304-88C5-1BEB58BBC8DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "8B3AF8C4-B43B-48D7-8A73-A670E90E20C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7548DF30-5F20-4A0E-97B2-D33BEE9D4785", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645." }, { "lang": "es", "value": "IBM Security Directory Integrator 7.2.0 e IBM Security Verify Directory Integrator 10.0.0 son vulnerables a Cross Site Scripting almacenado. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 285645." 
} ], "id": "CVE-2024-28772", "lastModified": "2024-11-21T09:06:55.327", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-25T18:15:03.470", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285645" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7161448" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285645" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7161448" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-08 20:15
Modified
2024-11-21 07:07
Severity ?
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H (psirt@us.ibm.com, Secondary)
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (nvd@nist.gov, Primary)
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/228579 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7031021 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/228579 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7031021 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | security_directory_server | 7.2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_server:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C70F0395-89C4-4AC1-BD60-A5ECE55AB0AF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579." }, { "lang": "es", "value": "IBM Security Directory Server 7.2.0 podr\u00eda permitir a un atacante remoto recorrer directorios del sistema. Un atacante podr\u00eda enviar una solicitud de direcci\u00f3n URL especialmente manipulada que contuviera secuencias \"dot dot\" (/.. /) para ver o escribir en archivos arbitrarios en el sistema. ID de IBM X-Force: 228579." } ], "id": "CVE-2022-33164", "lastModified": "2024-11-21T07:07:37.870", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, 
"published": "2023-09-08T20:15:14.237", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228579" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7031021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228579" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7031021" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-10-29 16:15
Modified
2024-11-21 04:43
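Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (nvd@nist.gov, Primary)
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (psirt@us.ibm.com, Secondary)
5.0 (Medium) - CVSS v2 AV:N/AC:L/Au:N/C:P/I:N/A:N (nvd@nist.gov, Primary)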
Summary
IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/165949 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6356607 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/165949 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6356607 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | security_directory_server | 6.4.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "24A76D30-88CD-418A-BEA2-BAD93A892FF0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949." }, { "lang": "es", "value": "IBM Security Directory Server versi\u00f3n 6.4.0, genera un mensaje de error que incluye informaci\u00f3n confidencial sobre su entorno, usuarios o datos asociados.\u0026#xa0;IBM X-Force ID: 165949" } ], "id": "CVE-2019-4547", "lastModified": "2024-11-21T04:43:42.917", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, 
"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-29T16:15:12.760", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165949" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6356607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6356607" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-209" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-02 15:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 165660.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/165660 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1077045 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/165660 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1077045 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | security_directory_server | 6.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "D30CF683-05B0-4056-AD7C-B9A2278A1B19", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 165660." }, { "lang": "es", "value": "IBM Security Directory Server versi\u00f3n 6.4.0, podr\u00eda permitir a un atacante remoto realizar ataques de phishing, utilizando un ataque de redireccionamiento abierto. Al persuadir a una v\u00edctima para que visite un sitio web especialmente dise\u00f1ado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para suplantar la URL desplegada para redireccionar a un usuario hacia un sitio web malicioso que pareciera ser confiable. Esto podr\u00eda permitir al atacante obtener informaci\u00f3n altamente confidencial o realizar futuros ataques contra la v\u00edctima. ID de IBM X-Force: 165660." 
} ], "id": "CVE-2019-4538", "lastModified": "2024-11-21T04:43:42.027", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-02T15:15:10.497", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165660" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1077045" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1077045" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-04 17:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 165814.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | security_directory_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A3E5963-1D46-4070-87A8-2996B2C8F032", "versionEndExcluding": "6.4.0.20", "versionStartIncluding": "6.4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 165814." }, { "lang": "es", "value": "IBM Security Directory Server versi\u00f3n 6.4.0, usa listas negras incompletas para la comprobaci\u00f3n de entrada que permite a atacantes omitir los controles de la aplicaci\u00f3n, resultando en un impacto directo al sistema y la integridad de los datos. ID de IBM X-Force: 165814." } ], "id": "CVE-2019-4541", "lastModified": "2024-11-21T04:43:42.410", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, 
"impactScore": 5.2, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-04T17:15:12.420", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165814" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1288660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1288660" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-04 17:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/166623 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1288660 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/166623 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1288660 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | security_directory_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A3E5963-1D46-4070-87A8-2996B2C8F032", "versionEndExcluding": "6.4.0.20", "versionStartIncluding": "6.4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623." }, { "lang": "es", "value": "IBM Security Directory Server versi\u00f3n 6.4.0, almacena informaci\u00f3n confidencial en URL. Esto puede conllevar a una divulgaci\u00f3n de informaci\u00f3n si partes no autorizadas tienen acceso a las URL por medio de registros del servidor, encabezado de referencia o historial del navegador. ID de IBM X-Force: 166623." } ], "id": "CVE-2019-4562", "lastModified": "2024-11-21T04:43:44.510", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" 
}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-04T17:15:12.797", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166623" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1288660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166623" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1288660" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-02-08 22:59
Modified
2024-11-21 02:26
Severity ?
Summary
IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21980585 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/90526 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21980585 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/90526 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | security_directory_server | * | |
ibm | security_directory_server | * | |
ibm | tivoli_directory_server | * | |
ibm | tivoli_directory_server | * | |
ibm | tivoli_directory_server | * | |
ibm | tivoli_directory_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "45BCC2A7-717C-48ED-A18D-D53DB5C5494C", "versionEndIncluding": "6.3.1.15", "versionStartIncluding": "6.3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "FED8B510-A1AD-4D44-A1A6-BFB598A7B01D", "versionEndIncluding": "6.4.0.6", "versionStartIncluding": "6.4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "373090C2-BA5E-4BAA-AFB0-A8177C3A0D91", "versionEndIncluding": "6.0.0.77", "versionStartIncluding": "6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "613173B1-55AA-4847-8874-A8A3C7478B7A", "versionEndIncluding": "6.1.0.72", "versionStartIncluding": "6.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B901486-F601-4CB5-827A-88EF84D62FAC", "versionEndIncluding": "6.2.0.48", "versionStartIncluding": "6.2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "82CE5FEE-59BA-4618-9E6B-A85C99E6C31B", "versionEndIncluding": "6.3.0.41", "versionStartIncluding": "6.3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash." }, { "lang": "es", "value": "IBM Security Directory Server podr\u00eda permitir a un usuario autenticado ejecutar comandos en la herramienta de administraci\u00f3n web que causar\u00eda la ca\u00edda de la herramienta." 
} ], "id": "CVE-2015-1976", "lastModified": "2024-11-21T02:26:30.250", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-08T22:59:00.150", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21980585" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/90526" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21980585" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/90526" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-04 17:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | security_directory_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A3E5963-1D46-4070-87A8-2996B2C8F032", "versionEndExcluding": "6.4.0.20", "versionStartIncluding": "6.4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952." }, { "lang": "es", "value": "IBM Security Directory Server versi\u00f3n 6.4.0, se implementa con un c\u00f3digo de depuraci\u00f3n activo que puede crear puntos de entrada no previstos. ID de IBM X-Force: 165952." } ], "id": "CVE-2019-4550", "lastModified": "2024-11-21T04:43:43.287", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 
5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-04T17:15:12.640", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165952" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1288660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165952" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1288660" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-04 17:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 165950.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | security_directory_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A3E5963-1D46-4070-87A8-2996B2C8F032", "versionEndExcluding": "6.4.0.20", "versionStartIncluding": "6.4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 165950." }, { "lang": "es", "value": "IBM Security Directory Server versi\u00f3n 6.4.0, podr\u00eda permitir a un atacante remoto secuestrar la acci\u00f3n de cliqueo de la v\u00edctima. Al persuadir a una v\u00edctima para que visite un sitio web malicioso, un atacante remoto podr\u00eda explotar esta vulnerabilidad para secuestrar las acciones de cliqueo de la v\u00edctima y posiblemente iniciar nuevos ataques contra la v\u00edctima. ID de IBM X-Force: 165950." 
} ], "id": "CVE-2019-4548", "lastModified": "2024-11-21T04:43:43.040", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-04T17:15:12.513", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165950" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1288660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165950" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1288660" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1021" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-10-29 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 166624.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/166624 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6356607 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/166624 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6356607 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | security_directory_server | 6.4.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "24A76D30-88CD-418A-BEA2-BAD93A892FF0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 166624." }, { "lang": "es", "value": "IBM Security Directory Server 6.4.0, no establece el atributo seguro en tokens de autorizaci\u00f3n o cookies de sesi\u00f3n.\u0026#xa0;Los atacantes pueden ser capaces de obtener los valores de las cookies mediante el env\u00edo de un enlace http:// hacia un usuario o al colocar este enlace en un sitio al que el usuario accede.\u0026#xa0;La cookie ser\u00e1 enviada hacia el enlace no seguro y el atacante podr\u00e1 obtener el valor de la cookie rastreando el tr\u00e1fico.\u0026#xa0;IBM X-Force ID: 166624" } ], "id": "CVE-2019-4563", "lastModified": "2024-11-21T04:43:44.617", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", 
"availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-29T16:15:12.867", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166624" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6356607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6356607" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-384" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-02 15:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/165951 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1077045 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/165951 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1077045 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | security_directory_server | 6.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "D30CF683-05B0-4056-AD7C-B9A2278A1B19", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951." }, { "lang": "es", "value": "IBM Security Directory Server versi\u00f3n 6.4.0, divulga informaci\u00f3n confidencial a usuarios no autorizados. La informaci\u00f3n puede ser usada para montar futuros ataques sobre el sistema. ID de IBM X-Force: 165951." } ], "id": "CVE-2019-4549", "lastModified": "2024-11-21T04:43:43.170", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": 
"NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-02T15:15:10.670", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165951" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1077045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165951" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1077045" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-922" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-02 15:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/165812 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1077045 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/165812 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1077045 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | security_directory_server | 6.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "D30CF683-05B0-4056-AD7C-B9A2278A1B19", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812." }, { "lang": "es", "value": "IBM Security Directory Server versi\u00f3n 6.4.0, no neutraliza apropiadamente los elementos especiales que son usados en XML, permitiendo a los atacantes modificar la sintaxis, el contenido o los comandos del XML antes de que sea procesado por un sistema final. ID de IBM X-Force: 165812." } ], "id": "CVE-2019-4539", "lastModified": "2024-11-21T04:43:42.150", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "psirt@us.ibm.com", "type": 
"Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-02T15:15:10.547", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165812" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1077045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165812" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1077045" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-91" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-02 15:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/165178 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1077045 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/165178 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1077045 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | security_directory_server | 6.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "D30CF683-05B0-4056-AD7C-B9A2278A1B19", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178." }, { "lang": "es", "value": "IBM Security Directory Server versi\u00f3n 6.4.0, utiliza una configuraci\u00f3n de bloqueo de cuenta inadecuada que podr\u00eda permitir a un atacante remoto forzar las credenciales de cuenta. ID de IBM X-Force: 165178." } ], "id": "CVE-2019-4520", "lastModified": "2024-11-21T04:43:41.167", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", 
"baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-02T15:15:10.450", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165178" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1077045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1077045" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-307" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-19 01:55
Modified
2024-11-21 02:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "76D71241-E8BE-4E48-8E25-DFCC919FF5E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "47D9A14A-E167-49AF-B675-B7C7933F64D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "1E22DDAC-4419-4214-BBB8-4984AA8F9090", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "AC77DA6D-55EC-4B98-9E75-57F9AD0642DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0837005C-126A-4800-A3B1-74A22F0DC617", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "07D1C332-CFFA-4FA5-9BEF-673BE30E8378", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "69DE7246-2030-4F00-A3B5-B9E911441449", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "06626F2E-605A-4AA0-839D-B035336453E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F468434-0317-435A-B2A6-5923A88A090F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E79197BC-3BDF-4F38-B63F-1B2A658B645F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7B1402A-B3C3-4210-928F-6EFCCE2DE1CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "92D48F0B-C9E2-4381-8463-83FF47136EB8", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "36308D0C-D92C-4857-A857-097F383EE76C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A84CEB80-796F-4928-A2A0-73E604543A70", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "462385FC-F345-42EE-ABF0-E1781CC648A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F10F3910-5616-41A2-A3BF-18FA4DD68631", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "51C34738-5F9B-43A7-987F-EB805B31119E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "6AA93B63-9D15-4784-8585-DBC139A382E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "55D84E30-1F23-4A6A-B622-78DBEEBEFB46", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "50C9A7DF-6968-41CC-911A-B746CB43AA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "0EA493E1-F791-4FE5-9F7E-36CAC0D942C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "F7365156-4EA3-476A-A395-FADEDF1BA80A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "321B15BC-2653-4B64-A5AE-9FCA6A08713C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "5A1B527B-E07D-4543-92A6-0EE58CB8FECC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": 
"3CDBA9D2-E683-431A-B06C-5CCA55E44EA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "6EF4AFCB-755A-40E9-AB2B-4FDFD10B0388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "86556AFA-F4F5-4C29-B59D-DC5281375E07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "5E16D75E-7678-48AF-AA2D-33C167ACC99E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "FBB97A26-E8A9-418C-87C9-F4837BF6680A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "AFFA6A4C-8EE2-4898-9AEB-CA5EBE4BC5E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "3922010D-4867-402C-9EC5-98FDEB281EA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "EBC6C026-A23F-4A12-BE0C-3333B9D5A0DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "297D92F4-51B0-4DC0-B872-984AD0A6008F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "4B93E759-1B76-421D-9684-F6FF77A99E6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "344605B3-15C9-4E36-A22B-7EBC1207A03E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "F15D60CA-8B3C-48D7-A860-1B72BCA14CFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "FD03B74B-E234-4757-8D98-896DEA4CED7F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "BAF9CDD0-3F78-4489-A18D-40A1FAF705F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "3CBF6D03-9A58-477D-B5D0-030A373A58AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "7C7636BE-22BB-44C3-B303-9780E2A24487", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "7E4E6E83-914D-467F-9EEA-56669B95CCAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "38BBCED9-4260-40DC-A9A6-40CDB09BA92E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.35:*:*:*:*:*:*:*", "matchCriteriaId": "D297D508-ACC2-41E7-B3F5-5AEDFE3E2453", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.36:*:*:*:*:*:*:*", "matchCriteriaId": "DBD3BA3E-E015-4CB7-B686-19F45F8221C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.37:*:*:*:*:*:*:*", "matchCriteriaId": "90F615EC-7530-468D-B62E-B07A1FE0431B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "7E278A8E-D7B6-450C-92D6-9955B22E18C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.39:*:*:*:*:*:*:*", "matchCriteriaId": "DB9D85F4-1019-419D-8769-B1636385384C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.45:*:*:*:*:*:*:*", "matchCriteriaId": "A43ECBF2-8D39-469F-8D45-B2FA44B3A9FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.46:*:*:*:*:*:*:*", "matchCriteriaId": "18ABDC8A-118C-4A35-A396-1020A9469D82", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.47:*:*:*:*:*:*:*", "matchCriteriaId": 
"38204AD1-BF0E-4521-9EE6-66214B4A353B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.48:*:*:*:*:*:*:*", "matchCriteriaId": "218DD29F-18C9-489D-9273-4705BFCDE0F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "61B7FD9C-FEA9-4001-BD48-10B02B38989E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B5682108-A76B-443A-A172-7F17F54B5983", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7165C049-258B-425D-B36B-152BBF3F8727", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "653551D3-88A3-4E69-A1B1-64326BEF1F18", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2CBAF2E5-4931-41AF-BCDA-D769B06FB05E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "98186E56-0F75-4306-9E34-A388EA2FD6C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FC2A00D-4A9E-4BB7-81E6-A0D3A8434EA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D0CB6BE6-C851-4C31-A016-CCD4937277D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "2260260B-B69E-4B59-A0D1-1F71B92ABDFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "F8BFF1C8-8AEA-43FC-B76C-F4A44A713F9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E08631DE-72C4-462B-9763-41783EA8963C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "50315494-8C1B-436B-8E24-8B8CA565FB17", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "2759F8BC-8400-4AB1-81DD-51BD69BB720E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "EEEB330D-5FC6-424B-85EF-06A56329FFEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "3588C1D0-3C8F-4C7A-A7F7-94EE51FA7ECF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "33DE5E95-BA4A-42A2-B376-373331D9934E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "6D5D35E5-AFBE-4D90-9E89-9251C45CF0DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "B87492D7-D0C6-4E4A-87B3-F44BC3149101", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "262F93A7-54A6-4D06-B5D1-FF6F7740044B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "E4798A6D-E4F3-4481-B2C2-DCA4BCD97572", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "FE5E8D59-79F9-46D1-A1A7-608FA49F7121", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "BB8B3BE0-2515-4CB1-B124-5462703CD32B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "3DD471E9-2DD0-4364-ABC2-9CFC0747A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"C5C3DDD9-9013-414E-B5EB-65F576E12778", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D48029C-3455-46A6-A8CA-8013A167979B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D872267B-B01D-4723-A522-8CDF684CB980", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2234E088-31ED-4BBF-94C5-131E3B0CB994", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0CCF803A-86AE-4875-ABD8-2DDB44D88F56", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "DB3E505A-C749-4465-964F-0699DB9C094A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "F3B64779-4C28-4538-8F3C-EE32152AA8AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "CEFC8686-795C-455B-B411-BD56E91683CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." 
}, { "lang": "es", "value": "Vulnerabilidad de XSS en la interfaz del usuario de administraci\u00f3n en IBM Tivoli Directory Server 6.1 anterior a 6.1.0.64-ISS-ITDS-IF0064, 6.2 anterior a 6.2.0.39-ISS-ITDS-FP0039, y 6.3 anterior a 6.3.0.33-ISS-ITDS-IF0033, e IBM Security Directory Server 6.3.1 anterior a 6.3.1.7-ISS-ISDS-IF0007, permite a usuarios remotos autenticados inyectar secuencias de comandos web a trav\u00e9s de una URL manipulada." } ], "id": "CVE-2014-6100", "lastModified": "2024-11-21T02:13:46.730", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-10-19T01:55:15.717", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/61061" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686581" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686581" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96005" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-04 17:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | security_directory_server | * (6.4.0.0 up to, but not including, 6.4.0.20) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A3E5963-1D46-4070-87A8-2996B2C8F032", "versionEndExcluding": "6.4.0.20", "versionStartIncluding": "6.4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813." }, { "lang": "es", "value": "IBM Security Directory Server versi\u00f3n 6.4.0, utiliza algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial. ID de IBM X-Force: 165813." } ], "id": "CVE-2019-4540", "lastModified": "2024-11-21T04:43:42.283", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { 
"cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-04T17:15:12.327", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165813" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1288660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165813" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1288660" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-327" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-25 18:15
Modified
2024-11-21 07:06
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
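IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 use insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565. Note that the impacted-products table for this record lists security_directory_server and security_verify_access, which this description does not name, and has no row for Security Verify Directory Integrator; confirm the affected products against the vendor advisory in the record's references before scoping.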
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | security_directory_integrator | 7.2.0 | |
ibm | security_directory_server | - | |
ibm | security_verify_access | 10.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "65A1A95C-1687-4304-88C5-1BEB58BBC8DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "8B3AF8C4-B43B-48D7-8A73-A670E90E20C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7548DF30-5F20-4A0E-97B2-D33BEE9D4785", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565." }, { "lang": "es", "value": "IBM Security Directory Integrator 7.2.0 e IBM Security Verify Directory Integrator 10.0.0 utilizan una caducidad de sesi\u00f3n insuficiente, lo que podr\u00eda permitir que un usuario no autorizado obtenga informaci\u00f3n confidencial. ID de IBM X-Force: 228565." 
} ], "id": "CVE-2022-32759", "lastModified": "2024-11-21T07:06:54.370", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-25T18:15:02.917", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228565" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7161446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228565" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7161446" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-613" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-02 15:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 165815.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/165815 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1077045 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/165815 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1077045 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | security_directory_server | 6.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "D30CF683-05B0-4056-AD7C-B9A2278A1B19", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 165815." }, { "lang": "es", "value": "IBM Security Directory Server versi\u00f3n 6.4.0, es susceptible a una vulnerabilidad de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando de este modo la funcionalidad prevista conllevando potencialmente a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 165815." 
} ], "id": "CVE-2019-4542", "lastModified": "2024-11-21T04:43:42.530", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-02T15:15:10.607", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165815" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1077045" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165815" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1077045" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-07-15 18:59
Modified
2024-11-21 02:26
Severity ?
Summary
Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7165C049-258B-425D-B36B-152BBF3F8727", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "653551D3-88A3-4E69-A1B1-64326BEF1F18", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2CBAF2E5-4931-41AF-BCDA-D769B06FB05E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "98186E56-0F75-4306-9E34-A388EA2FD6C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FC2A00D-4A9E-4BB7-81E6-A0D3A8434EA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D0CB6BE6-C851-4C31-A016-CCD4937277D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "2260260B-B69E-4B59-A0D1-1F71B92ABDFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "F8BFF1C8-8AEA-43FC-B76C-F4A44A713F9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E08631DE-72C4-462B-9763-41783EA8963C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "50315494-8C1B-436B-8E24-8B8CA565FB17", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "2759F8BC-8400-4AB1-81DD-51BD69BB720E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "EEEB330D-5FC6-424B-85EF-06A56329FFEC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "3588C1D0-3C8F-4C7A-A7F7-94EE51FA7ECF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "33DE5E95-BA4A-42A2-B376-373331D9934E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "6D5D35E5-AFBE-4D90-9E89-9251C45CF0DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "B87492D7-D0C6-4E4A-87B3-F44BC3149101", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "262F93A7-54A6-4D06-B5D1-FF6F7740044B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "E4798A6D-E4F3-4481-B2C2-DCA4BCD97572", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "FE5E8D59-79F9-46D1-A1A7-608FA49F7121", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "BB8B3BE0-2515-4CB1-B124-5462703CD32B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "03B735E0-B531-4684-8BF5-0540F5B8FBEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "677E05F0-F000-4C5F-83D7-7E2ED5CCB0A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "5E923364-6895-4B51-9C3F-B150EC6A541D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "5F288406-D938-415D-AD92-F8AFC7219691", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.27:*:*:*:*:*:*:*", "matchCriteriaId": 
"08BBE891-2D1F-485D-A509-1A851CE83111", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "C6771D20-C32B-4324-89E6-387724922D37", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "AC8A4729-46F8-44BE-B31C-FFB761C17D89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "C87A9397-6290-4D19-8A80-0D439B5915A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "CC60F206-4C09-4E06-98F5-8B4C85714803", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "78F293FC-C7C7-41A3-A5B0-5203B000D41F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "2AC09987-98C8-4395-871F-E45C9745ACD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.35:*:*:*:*:*:*:*", "matchCriteriaId": "BAB52381-38CB-4B68-9515-019FE318CA92", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.36:*:*:*:*:*:*:*", "matchCriteriaId": "E8F3261B-9595-493A-9CFB-F3C049C570C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.37:*:*:*:*:*:*:*", "matchCriteriaId": "EDD872AF-0478-457D-87DA-FC125378411F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "3DD471E9-2DD0-4364-ABC2-9CFC0747A477", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.39:*:*:*:*:*:*:*", "matchCriteriaId": "B6A40152-B83F-454A-A94E-F694512F56FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "9AE73B82-CC1C-4F5D-A8D3-7AD151665B73", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.41:*:*:*:*:*:*:*", "matchCriteriaId": "5365E6BD-067B-46F8-A2F6-B46801B55FC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.42:*:*:*:*:*:*:*", "matchCriteriaId": "6C7EA7C3-A9AE-4C55-88FC-06DA3A03766A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.43:*:*:*:*:*:*:*", "matchCriteriaId": "18669C8F-8187-4AFF-8352-53F0BCB3250E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.44:*:*:*:*:*:*:*", "matchCriteriaId": "4BED472B-2F14-4BA5-97A2-BE956790BCA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.45:*:*:*:*:*:*:*", "matchCriteriaId": "452BF23D-E083-431A-9D8C-601AE9E80EC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.46:*:*:*:*:*:*:*", "matchCriteriaId": "152DA7E5-A00D-4E20-AE94-AF9C0339A378", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.47:*:*:*:*:*:*:*", "matchCriteriaId": "7DDE3BFF-FB14-4021-BD99-3D4E67AFF9D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.48:*:*:*:*:*:*:*", "matchCriteriaId": "E12F3696-BE10-414C-AABC-20678582E27C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.49:*:*:*:*:*:*:*", "matchCriteriaId": "168B8B0B-A76D-453D-8E4A-7CEE8C20CD2D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C5C3DDD9-9013-414E-B5EB-65F576E12778", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D48029C-3455-46A6-A8CA-8013A167979B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D872267B-B01D-4723-A522-8CDF684CB980", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2234E088-31ED-4BBF-94C5-131E3B0CB994", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0CCF803A-86AE-4875-ABD8-2DDB44D88F56", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "DB3E505A-C749-4465-964F-0699DB9C094A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "F3B64779-4C28-4538-8F3C-EE32152AA8AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "A389475F-F043-40B7-894E-C8338EF86C11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "2AD77105-5410-474A-B42F-5CC69CB5FDE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "869DB569-F140-4AD9-B230-2A5752BAEA8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "D5545F04-B8D1-48FB-BDAD-27E1260AEB97", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "C5A2FA81-F8D6-4255-8F55-A0B746D84691", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "C950A3E7-7CD2-4BB2-89B4-C708735371A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "6AC98E9A-E879-4A28-93E9-0977F7B4C860", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "EF81D730-514C-4A9A-8683-54A1AD4E8F42", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.22:*:*:*:*:*:*:*", "matchCriteriaId": 
"6369ACB4-475E-4349-A6C3-7B718660F65D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "2B3EEB0C-7CFC-4CB3-A177-6A59BD4A68C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "E8B3EE13-1C01-49DD-A642-C061783D958B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "B30DA3DA-82E3-4E8D-9077-66AE9B5A374F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "E70DE3A2-A6D7-4493-9182-1C0B7FBDF90F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "403A84D2-4D3E-483B-A14A-AF1CEF06B9A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "E6B3CD94-82B3-4265-9A9E-2F008F7051E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "C0BFB392-F7EE-4448-A3AA-65E3269C1DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "2A621A28-D193-4C1B-8008-422DCE5229ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "378EB8A4-7F3A-463A-8D12-83800BC0C0E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "CEFC8686-795C-455B-B411-BD56E91683CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "59568EE3-3365-4864-BAAB-CE56DE2420ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "A0E3A04A-B6F9-4C69-8A4D-4415D10C73C1", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.35:*:*:*:*:*:*:*", "matchCriteriaId": "FB5DAFE9-F022-4240-AFDA-5B44E303F889", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.36:*:*:*:*:*:*:*", "matchCriteriaId": "4B0F83AF-9EEE-4FA6-863D-8F431A4DBE24", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.37:*:*:*:*:*:*:*", "matchCriteriaId": "0022037B-042F-4395-8B5A-551848255FE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "77594440-BB78-4131-AD83-56F88AD42DED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.39:*:*:*:*:*:*:*", "matchCriteriaId": "3EAF5D43-946F-4910-BFAD-4C8000E288B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "50F2E5AF-F403-427F-B58C-A74849DFC0F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.41:*:*:*:*:*:*:*", "matchCriteriaId": "676FED1D-BFF8-44DF-B2B7-0B450B29AD10", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.42:*:*:*:*:*:*:*", "matchCriteriaId": "9B9F7CDC-35BF-47CC-909F-CB3F76285A33", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C36D4B16-30CE-4E1F-9DCE-B06C849D5751", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "6406B436-A4C1-4936-AF73-C62DC663588A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "64144623-32F7-4FD7-AE40-875078EF6954", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "D0BCFF6A-7A7F-4DB7-B2AC-54A35B4F006D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"94CFDA59-051E-46C0-814A-CDE82C29B3BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "2F1C266D-606B-47A3-898F-01D794F591E5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "06626F2E-605A-4AA0-839D-B035336453E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F468434-0317-435A-B2A6-5923A88A090F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E79197BC-3BDF-4F38-B63F-1B2A658B645F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7B1402A-B3C3-4210-928F-6EFCCE2DE1CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "92D48F0B-C9E2-4381-8463-83FF47136EB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "36308D0C-D92C-4857-A857-097F383EE76C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A84CEB80-796F-4928-A2A0-73E604543A70", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "462385FC-F345-42EE-ABF0-E1781CC648A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F10F3910-5616-41A2-A3BF-18FA4DD68631", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "51C34738-5F9B-43A7-987F-EB805B31119E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": 
"6AA93B63-9D15-4784-8585-DBC139A382E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "55D84E30-1F23-4A6A-B622-78DBEEBEFB46", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "50C9A7DF-6968-41CC-911A-B746CB43AA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "0EA493E1-F791-4FE5-9F7E-36CAC0D942C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "F7365156-4EA3-476A-A395-FADEDF1BA80A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "321B15BC-2653-4B64-A5AE-9FCA6A08713C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "5A1B527B-E07D-4543-92A6-0EE58CB8FECC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "3CDBA9D2-E683-431A-B06C-5CCA55E44EA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "6EF4AFCB-755A-40E9-AB2B-4FDFD10B0388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "86556AFA-F4F5-4C29-B59D-DC5281375E07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "5E16D75E-7678-48AF-AA2D-33C167ACC99E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "FBB97A26-E8A9-418C-87C9-F4837BF6680A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "AFFA6A4C-8EE2-4898-9AEB-CA5EBE4BC5E9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "3922010D-4867-402C-9EC5-98FDEB281EA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "EBC6C026-A23F-4A12-BE0C-3333B9D5A0DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "297D92F4-51B0-4DC0-B872-984AD0A6008F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "4B93E759-1B76-421D-9684-F6FF77A99E6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "344605B3-15C9-4E36-A22B-7EBC1207A03E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "F15D60CA-8B3C-48D7-A860-1B72BCA14CFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "FD03B74B-E234-4757-8D98-896DEA4CED7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "BAF9CDD0-3F78-4489-A18D-40A1FAF705F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "3CBF6D03-9A58-477D-B5D0-030A373A58AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "7C7636BE-22BB-44C3-B303-9780E2A24487", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "7E4E6E83-914D-467F-9EEA-56669B95CCAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "38BBCED9-4260-40DC-A9A6-40CDB09BA92E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.35:*:*:*:*:*:*:*", "matchCriteriaId": 
"D297D508-ACC2-41E7-B3F5-5AEDFE3E2453", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.36:*:*:*:*:*:*:*", "matchCriteriaId": "DBD3BA3E-E015-4CB7-B686-19F45F8221C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.37:*:*:*:*:*:*:*", "matchCriteriaId": "90F615EC-7530-468D-B62E-B07A1FE0431B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "7E278A8E-D7B6-450C-92D6-9955B22E18C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.39:*:*:*:*:*:*:*", "matchCriteriaId": "DB9D85F4-1019-419D-8769-B1636385384C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "B7D3F8DB-C145-403F-92DE-CF4D5DC83177", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.41:*:*:*:*:*:*:*", "matchCriteriaId": "5FE3E56E-95DC-4706-9FBE-622FFA9C8092", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.42:*:*:*:*:*:*:*", "matchCriteriaId": "684BD112-7763-4901-973C-D2ABB10CCE3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.43:*:*:*:*:*:*:*", "matchCriteriaId": "311FA0A0-FACB-4A20-AA75-35EF1FF6F0D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.44:*:*:*:*:*:*:*", "matchCriteriaId": "16C8CA71-D7A8-4841-A895-E009F3552359", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.45:*:*:*:*:*:*:*", "matchCriteriaId": "A43ECBF2-8D39-469F-8D45-B2FA44B3A9FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.46:*:*:*:*:*:*:*", "matchCriteriaId": "18ABDC8A-118C-4A35-A396-1020A9469D82", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.47:*:*:*:*:*:*:*", "matchCriteriaId": "38204AD1-BF0E-4521-9EE6-66214B4A353B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.48:*:*:*:*:*:*:*", "matchCriteriaId": "218DD29F-18C9-489D-9273-4705BFCDE0F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.49:*:*:*:*:*:*:*", "matchCriteriaId": "3947B542-1356-4645-A792-E27DB2C07DCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "39A69967-1505-45AB-B70B-9E9C15AB6798", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "C6AE0B38-8249-4959-B031-996EC4EE92FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.52:*:*:*:*:*:*:*", "matchCriteriaId": "0652BE9E-5EC8-436A-A88E-4707F36C5893", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.53:*:*:*:*:*:*:*", "matchCriteriaId": "A2541DAF-6093-4411-98C6-A41F49D224D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.54:*:*:*:*:*:*:*", "matchCriteriaId": "CCC763F0-71C3-494C-AD5D-A3389D643328", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.55:*:*:*:*:*:*:*", "matchCriteriaId": "2C19DFC0-14CC-456D-AC84-D9F634F9734F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.56:*:*:*:*:*:*:*", "matchCriteriaId": "1D2BE5F0-CEEB-480A-9B80-D08142659C24", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.57:*:*:*:*:*:*:*", "matchCriteriaId": "540FD770-3493-4C44-A3B4-2AB307E0B472", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.58:*:*:*:*:*:*:*", "matchCriteriaId": "C5F359B1-7984-4BB8-9408-440745AFBF4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.59:*:*:*:*:*:*:*", "matchCriteriaId": "472B5989-E033-449C-AB90-E24FE7F99125", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.60:*:*:*:*:*:*:*", "matchCriteriaId": 
"84B938E8-26C7-425C-AA54-081FF3EC00F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.61:*:*:*:*:*:*:*", "matchCriteriaId": "202262F1-6CB8-4235-B5F0-00FDC6FB614D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.62:*:*:*:*:*:*:*", "matchCriteriaId": "3FF29B53-180C-4B20-90D5-480C467F5746", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "61B7FD9C-FEA9-4001-BD48-10B02B38989E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.64:*:*:*:*:*:*:*", "matchCriteriaId": "E55B351A-E773-42F0-A7EA-F1874F7BCCCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.65:*:*:*:*:*:*:*", "matchCriteriaId": "57FB18BD-4C72-436C-85CB-06037E2CFC1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.66:*:*:*:*:*:*:*", "matchCriteriaId": "3EC0FD9F-A137-4AD1-8F77-58E822070D06", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.67:*:*:*:*:*:*:*", "matchCriteriaId": "4AD21537-4540-4D74-80F9-5999A5506D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.68:*:*:*:*:*:*:*", "matchCriteriaId": "1B343912-E222-4C9B-906A-1B3069D2231E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.69:*:*:*:*:*:*:*", "matchCriteriaId": "A27D29E2-80FA-438C-AFE6-DEF78F79D2A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.70:*:*:*:*:*:*:*", "matchCriteriaId": "7D28A41B-CABC-4260-BF6F-21CAE3E53244", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.71:*:*:*:*:*:*:*", "matchCriteriaId": "10C702E7-1331-4E80-9C1D-72F8629F5D99", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.72:*:*:*:*:*:*:*", "matchCriteriaId": "5D7D24D3-628A-4C33-AA03-84AB1DF41344", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.73:*:*:*:*:*:*:*", "matchCriteriaId": "F9EC9115-FBCC-4A87-B0E5-BB13C3982338", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "D30CF683-05B0-4056-AD7C-B9A2278A1B19", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "24A76D30-88CD-418A-BEA2-BAD93A892FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FB4913DA-4540-46BA-A249-D635D67D829F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9602D062-F243-428F-8938-0805B9BEFB49", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "189C9DEF-136A-46AB-B320-6934C313DA8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "832EE5FD-B99D-4F5F-B41E-E0893E63E0D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "9F62A02C-E84B-4570-BAB6-995E423173A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "D879EBF4-894C-4272-B8D9-1E5E34187BDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "50F2E7CC-C7CF-4817-857B-886961BC0811", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0C2CA356-BF67-4B67-9355-62ED2057F534", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"76D71241-E8BE-4E48-8E25-DFCC919FF5E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F6207324-D4F6-4FD6-97C2-3AA3C124E6F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "47D9A14A-E167-49AF-B675-B7C7933F64D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "1E22DDAC-4419-4214-BBB8-4984AA8F9090", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "AC77DA6D-55EC-4B98-9E75-57F9AD0642DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0837005C-126A-4800-A3B1-74A22F0DC617", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "07D1C332-CFFA-4FA5-9BEF-673BE30E8378", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "69DE7246-2030-4F00-A3B5-B9E911441449", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "1F43466E-EF4B-48D8-A04C-90C010C895BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "0D4D2984-27DA-4145-948C-6A4598AD93CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "7A9DC7E6-AD81-4A18-89B3-BC85538F5D20", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "2ADD2FE5-C458-49A6-B3BA-8A699AD4F67D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "0A48BD98-4EF8-4DD3-9FFB-137FC6D88360", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:security_directory_server:6.3.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "06C7EA5F-FA03-496A-9985-5C2216D7BF6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "D1852806-44FC-4CFA-A62D-AA7DC5B53B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "B1ACED89-C2B6-4DD1-A479-7D24D1BC0629", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "535B9657-0138-42BA-814A-17862CBD460C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "87FE5D8D-0897-44B9-BE7A-C95F42E53A76", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "7319134D-22D3-4618-944A-7D2443E7839F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en la herramienta Web Administration en IBM Tivoli Directory Server (ITDS) en versiones anteriores a 6.1.0.74-ISS-ISDS-IF0074, 6.2.x en versiones anteriores a 6.2.0.50-ISS-ISDS-IF0050 y 6.3.x en versiones anteriores a 6.3.0.43-ISS-ISDS-IF0043 y IBM Security Directory Server (ISDS) en versiones anteriores a 6.3.1.18-ISS-ISDS-IF0018 y 6.4.x en versiones anteriores a 6.4.0.9-ISS-ISDS-IF0009 permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de .. 
(punto punto) en una URL." } ], "id": "CVE-2015-1977", "lastModified": "2024-11-21T02:26:30.370", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-07-15T18:59:00.140", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986452" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986452" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }