First published: Mon Feb 03 2020
IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, the Referer header, or browser history. IBM X-Force ID: 166623.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Security Directory Server | >=6.4.0.0 <6.4.0.20 | |
| | <=6.4.0 | |
The vulnerability ID is CVE-2019-4562.
The title of this vulnerability is "IBM Security Directory Server stores sensitive information in URLs."
The severity rating of CVE-2019-4562 is medium, with a severity value of 5.3.
The affected software version range for this vulnerability is from 6.4.0.0 to 6.4.0.20.
The Common Weakness Enumeration (CWE) ID for this vulnerability is CWE-200.
Unauthorized parties can access the sensitive information in URLs through server logs, the Referer header, or browser history.
You can find more information about this vulnerability at the following links: [https://exchange.xforce.ibmcloud.com/vulnerabilities/166623](https://exchange.xforce.ibmcloud.com/vulnerabilities/166623) and [https://www.ibm.com/support/pages/node/1288660](https://www.ibm.com/support/pages/node/1288660).