VYPR

Security Verify Bridge Directory Sync

by IBM

CVEs (23)

  • CVE-2024-51450CriFeb 6, 2025
    risk 0.59cvss 9.1epss 0.01

    IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

  • CVE-2025-1411HigJun 15, 2025
    risk 0.51cvss 7.8epss 0.00

    IBM Security Verify Directory Container 10.0.0.0 through 10.0.3.1 could allow a local user to execute commands as root due to execution with unnecessary privileges.

  • CVE-2024-45650HigJan 31, 2025
    risk 0.49cvss 7.5epss 0.00

    IBM Security Verify Directory 10.0 through 10.0.3 is vulnerable to a denial of service when sending an LDAP extended operation.

  • CVE-2021-38864HigSep 23, 2021
    risk 0.49cvss 7.5epss 0.01

    IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. IBM X-Force ID: 208155.

  • CVE-2021-20442HigMar 3, 2021
    risk 0.49cvss 7.5epss 0.01

    IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196618.

  • CVE-2022-33162HigAug 16, 2024
    risk 0.47cvss 7.3epss 0.00

    IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources, at the privilege level of a standard unprivileged…

  • CVE-2024-28772MedJul 25, 2024
    risk 0.44cvss 6.8epss 0.00

    IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading…

  • CVE-2024-45672MedJan 23, 2025
    risk 0.39cvss 6.0epss 0.00

    IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent. which could also cause a denial of service.

  • CVE-2021-20441MedMar 3, 2021
    risk 0.38cvss 5.9epss 0.01

    IBM Security Verify Bridge uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196617.

  • CVE-2024-45673MedFeb 21, 2025
    risk 0.36cvss 5.5epss 0.00

    IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user.

  • CVE-2021-38863MedSep 23, 2021
    risk 0.36cvss 5.5epss 0.00

    IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154.

  • CVE-2021-20435MedSep 23, 2021
    risk 0.36cvss 5.5epss 0.00

    IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 196355.

  • CVE-2022-32759MedJul 25, 2024
    risk 0.34cvss 5.3epss 0.00

    IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565.

  • CVE-2022-32751MedMar 22, 2024
    risk 0.34cvss 5.3epss 0.00

    IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437.

  • CVE-2024-28771MedJan 27, 2025
    risk 0.31cvss 4.8epss 0.00

    IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link…

  • CVE-2024-28770MedJan 27, 2025
    risk 0.31cvss 4.8epss 0.00

    IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link…

  • CVE-2022-32754MedMar 22, 2024
    risk 0.31cvss 4.8epss 0.00

    IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2022-32753MedMar 22, 2024
    risk 0.29cvss 4.5epss 0.00

    IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444.

  • CVE-2021-20434MedSep 23, 2021
    risk 0.29cvss 4.4epss 0.00

    IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 196346.

  • CVE-2022-33167LowJul 30, 2024
    risk 0.24cvss 3.7epss 0.00

    IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive…

Page 1 of 2