What is the vulnerability ID for this vulnerability?

The vulnerability ID is CVE-2019-4562.

What is the title of this vulnerability?

The title of this vulnerability is "IBM Security Directory Server stores sensitive information in URLs."

What is the severity rating of CVE-2019-4562?

The severity rating of CVE-2019-4562 is medium, with a severity value of 5.3.

What is the affected software version range for this vulnerability?

The affected software version range for this vulnerability is from 6.4.0.0 to 6.4.0.20.

What is the Common Weakness Enumeration (CWE) ID for this vulnerability?

The Common Weakness Enumeration (CWE) ID for this vulnerability is CWE-200.

How can unauthorized parties access the sensitive information in URLs?

Unauthorized parties can access the sensitive information in URLs through server logs, referer header, or browser history.

Where can I find more information about this vulnerability?

You can find more information about this vulnerability at the following links: [https://exchange.xforce.ibmcloud.com/vulnerabilities/166623](https://exchange.xforce.ibmcloud.com/vulnerabilities/166623) and [https://www.ibm.com/support/pages/node/1288660](https://www.ibm.com/support/pages/node/1288660).

Vulnerability/
CVE-2019-4562

medium

5.3

CWE

200

3/2/2020

4/2/2020

16/9/2024

CVE-2019-4562: Infoleak

First published: Mon Feb 03 2020(Updated: )

IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Security Directory Server	>=6.4.0.0<6.4.0.20
	<=6.4.0

Remedy

https://www.ibm.com/support/pages/node/1288660

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-1288660

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?
The vulnerability ID is CVE-2019-4562.
What is the title of this vulnerability?
The title of this vulnerability is "IBM Security Directory Server stores sensitive information in URLs."
What is the severity rating of CVE-2019-4562?
The severity rating of CVE-2019-4562 is medium, with a severity value of 5.3.
How does IBM Security Directory Server store sensitive information in URLs?
IBM Security Directory Server 6.4.0 stores sensitive information in URLs, which can lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header, or browser history.
What is the affected software version range for this vulnerability?
The affected software version range for this vulnerability is from 6.4.0.0 to 6.4.0.20.
What is the Common Weakness Enumeration (CWE) ID for this vulnerability?
The Common Weakness Enumeration (CWE) ID for this vulnerability is CWE-200.
How can unauthorized parties access the sensitive information in URLs?
Unauthorized parties can access the sensitive information in URLs through server logs, referer header, or browser history.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following links: [https://exchange.xforce.ibmcloud.com/vulnerabilities/166623](https://exchange.xforce.ibmcloud.com/vulnerabilities/166623) and [https://www.ibm.com/support/pages/node/1288660](https://www.ibm.com/support/pages/node/1288660).

collector/nvd-index
agent/references
agent/first-publish-date
agent/type
collector/mitre-cve
source/MITRE
agent/remedy
agent/weakness
agent/severity
agent/author
agent/last-modified-date
agent/description
agent/softwarecombine
agent/tags
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm security directory server
version/ibm security directory server/6.4.0.0
version/ibm security directory server/6.4.0