cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-45650,https://securityvulnerability.io/vulnerability/CVE-2024-45650,Denial of Service Vulnerability in IBM Security Verify Directory,"IBM Security Verify Directory versions 10.0 through 10.0.3 are susceptible to a denial of service vulnerability triggered by LDAP extended operations. This issue can be exploited by sending malicious requests, potentially causing service interruptions and impacting overall system availability. Organizations using this product should assess their exposure to this vulnerability and implement appropriate security measures.",IBM,Security Verify Directory,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-31T15:07:24.198Z,0
CVE-2022-33162,https://securityvulnerability.io/vulnerability/CVE-2022-33162," authentication vulnerability in Security Directory Integrator","The vulnerability in IBM Security Directory Integrator and Security Verify Directory Integrator stems from a failure to authenticate certain operations that should require validated user identities. This oversight allows standard unprivileged users to carry out actions that can consume extensive resources, potentially disrupting normal operations. Proper authentication mechanisms should be enforced to mitigate risks associated with unauthorized activities.",IBM,"Security Directory Integrator,Security Verify Directory Integrator",9.8,CRITICAL,0.0007300000288523734,false,,false,false,false,,,false,false,,2024-08-16T18:33:35.966Z,0
CVE-2022-33167,https://securityvulnerability.io/vulnerability/CVE-2022-33167,IBM Security Directory Integrator Vulnerability,"A vulnerability exists in IBM Security Directory Integrator and IBM Security Verify Directory Integrator that allows attackers to gain unauthorized access to sensitive information. This arises from a failure to properly implement the HTTPOnly flag, which can leave vulnerable cookies accessible to remote attackers. By exploiting this issue, attackers could potentially retrieve sensitive data from cookies, posing significant risks to user privacy and data integrity. Organizations using affected versions should prioritize timely updates and mitigations to safeguard sensitive information.",IBM,"Security Directory Integrator,Security Verify Directory Integrator",7.5,HIGH,0.0007600000244565308,false,,false,false,false,,,false,false,,2024-07-30T17:05:35.007Z,0
CVE-2024-28772,https://securityvulnerability.io/vulnerability/CVE-2024-28772,IBM Security Products Vulnerable to Stored Cross-Site Scripting,IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  285645.,IBM,"Security Directory Integrator,Security Verify Directory Integrator",5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-25T18:15:00.000Z,0
CVE-2022-32759,https://securityvulnerability.io/vulnerability/CVE-2022-32759,Insufficient Session Expiration Could Lead to Sensitive Information Theft,"The vulnerability affects IBM Security Directory Integrator and IBM Security Verify Directory Integrator due to insufficient session expiration mechanisms. This flaw can potentially enable unauthorized users to gain access to sensitive information, compromising the integrity of the system. Organizations utilizing these products should review their session management practices to mitigate the risk associated with this vulnerability.",IBM,"Security Directory Integrator,Security Verify Directory Integrator",7.5,HIGH,0.0007600000244565308,false,,false,false,false,,,false,false,,2024-07-25T17:11:44.253Z,0
CVE-2022-32754,https://securityvulnerability.io/vulnerability/CVE-2022-32754,IBM Security Verify Directory Vulnerable to Cross-Site Scripting,"The vulnerability in IBM Security Verify Directory version 10.0.0 poses a risk of cross-site scripting, enabling attackers to inject arbitrary JavaScript code into the Web UI. This exploitation potentially alters intended functionalities and could lead to unauthorized access to user credentials within a trusted session. Organizations utilizing this product should take immediate action to mitigate the risks associated with this vulnerability.",IBM,Security Verify Directory,4.8,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-03-22T15:33:43.097Z,0
CVE-2022-32751,https://securityvulnerability.io/vulnerability/CVE-2022-32751,IBM Security Verify Directory Vulnerability Could Lead to System Compromise,IBM Security Verify Directory version 10.0.0 is susceptible to a vulnerability that allows for the disclosure of sensitive server information. This information can potentially be leveraged by attackers to execute further malicious actions against the system. Addressing this vulnerability is crucial to maintaining the integrity and security of the affected product. Organizations utilizing this version should consider immediate remediation to mitigate potential risks.,IBM,Security Verify Directory,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-03-22T15:31:02.795Z,0
CVE-2022-32756,https://securityvulnerability.io/vulnerability/CVE-2022-32756,IBM Security Verify Directory Vulnerability Could Lead to Sensitive Information Disclosure,"A vulnerability exists in IBM Security Verify Directory 10.0.0, enabling remote attackers to exploit detailed technical error messages returned by the application. These messages may inadvertently expose sensitive information that can be leveraged for subsequent attacks against the affected system. Proper handling of error messages is essential to mitigate risks associated with this vulnerability, as attackers can utilize the leaked information to plan and execute further compromise of the system.",IBM,Security Verify Directory,2.7,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-03-22T15:28:57.628Z,0
CVE-2022-32753,https://securityvulnerability.io/vulnerability/CVE-2022-32753,Weaker Cryptographic Algorithms in IBM Security Verify Directory 10.0.0 Could Leave Sensitive Information Vulnerable to Decryption,IBM Security Verify Directory 10.0.0 is reported to utilize cryptographic algorithms that do not meet expected security standards. This weakness can potentially enable unauthorized entities to decrypt sensitive data and compromise the confidentiality of user information. The vulnerability highlights the importance of implementing robust cryptographic measures to protect against potential breaches. Users of IBM Security Verify Directory should review their security protocols and consider applying any recommended patches or updates to mitigate risks associated with this vulnerability.,IBM,Security Verify Directory,4.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-03-22T15:26:23.956Z,0