cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-33162,https://securityvulnerability.io/vulnerability/CVE-2022-33162," authentication vulnerability in Security Directory Integrator","The vulnerability in IBM Security Directory Integrator and Security Verify Directory Integrator stems from a failure to authenticate certain operations that should require validated user identities. This oversight allows standard unprivileged users to carry out actions that can consume extensive resources, potentially disrupting normal operations. Proper authentication mechanisms should be enforced to mitigate risks associated with unauthorized activities.",IBM,"Security Directory Integrator,Security Verify Directory Integrator",9.8,CRITICAL,0.0007300000288523734,false,,false,false,false,,,false,false,,2024-08-16T18:33:35.966Z,0
CVE-2022-33167,https://securityvulnerability.io/vulnerability/CVE-2022-33167,IBM Security Directory Integrator Vulnerability,"A vulnerability exists in IBM Security Directory Integrator and IBM Security Verify Directory Integrator that allows attackers to gain unauthorized access to sensitive information. This arises from a failure to properly implement the HTTPOnly flag, which can leave vulnerable cookies accessible to remote attackers. By exploiting this issue, attackers could potentially retrieve sensitive data from cookies, posing significant risks to user privacy and data integrity. Organizations using affected versions should prioritize timely updates and mitigations to safeguard sensitive information.",IBM,"Security Directory Integrator,Security Verify Directory Integrator",7.5,HIGH,0.0007600000244565308,false,,false,false,false,,,false,false,,2024-07-30T17:05:35.007Z,0
CVE-2024-28772,https://securityvulnerability.io/vulnerability/CVE-2024-28772,IBM Security Products Vulnerable to Stored Cross-Site Scripting,IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  285645.,IBM,"Security Directory Integrator,Security Verify Directory Integrator",5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-25T18:15:00.000Z,0
CVE-2022-32759,https://securityvulnerability.io/vulnerability/CVE-2022-32759,Insufficient Session Expiration Could Lead to Sensitive Information Theft,"The vulnerability affects IBM Security Directory Integrator and IBM Security Verify Directory Integrator due to insufficient session expiration mechanisms. This flaw can potentially enable unauthorized users to gain access to sensitive information, compromising the integrity of the system. Organizations utilizing these products should review their session management practices to mitigate the risk associated with this vulnerability.",IBM,"Security Directory Integrator,Security Verify Directory Integrator",7.5,HIGH,0.0007600000244565308,false,,false,false,false,,,false,false,,2024-07-25T17:11:44.253Z,0
CVE-2022-33164,https://securityvulnerability.io/vulnerability/CVE-2022-33164,IBM Security Directory Server path traversal,"IBM Security Directory Server version 7.2.0 is susceptible to a directory traversal vulnerability that enables a remote attacker to exploit the system by sending specially crafted URL requests. By utilizing 'dot dot' sequences (/../), an attacker may gain unauthorized access to the file system, allowing them to view or write arbitrary files, which poses significant security risks.",IBM,Security Directory Integrator,8.7,HIGH,0.0012199999764561653,false,,false,false,false,,,false,false,,2023-09-08T19:58:51.729Z,0