Latest ibm security directory suite va Vulnerabilities

CVE-2022-33160
IBM Security Directory Suite uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
IBM Security Directory Suite<=8.0.1
IBM Security Directory Suite VA=8.0.1
IBM-7001885
IBM Security Directory Suite VA<=8.0.1
CVE-2022-33168
IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588.
IBM Security Directory Server<=6.4.0
IBM Security Directory Suite<=8.0.1
IBM Security Verify Directory<=10.0.0
IBM Security Directory Suite VA=8.0.1
CVE-2022-33163
IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571.
IBM Security Directory Suite VA=8.0.1
CVE-2022-32752
IBM Security Directory Server could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
IBM Security Directory Suite VA<=8.0.1-8.0.1.19
IBM Security Directory Suite VA>=8.0.1<=8.0.1.19
IBM-7001693
IBM Security Directory Suite VA<=8.0.1-8.0.1.19
CVE-2022-33159
IBM Security Directory Server stores user credentials in plain clear text which can be read by an authenticated user.
IBM Security Directory Suite VA<=8.0.1-8.0.1.19
IBM Security Directory Suite VA>=8.0.1<=8.0.1.19
CVE-2022-33166
IBM Security Directory Suite VA<=8.0.1-8.0.1.19
IBM Security Directory Suite VA>=8.0.1<=8.0.1.19
CVE-2022-32758
IBM Security Directory Server could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vuln...
IBM Security Directory Suite VA<=8.0.1-8.0.1.19
CVE-2022-22475
IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.
Ibm Open Liberty>=17.0.0.3<=22.0.0.5
Ibm Websphere Application Server>=17.0.0.3<=22.0.0.5
IBM Security Directory Suite VA<=8.0.1-8.0.1.19
CVE-2020-13947
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.
IBM Security Directory Suite VA<=8.0.1-8.0.1.19
Apache ActiveMQ<5.15.14
Apache ActiveMQ>=5.16.0<5.16.1
Oracle Communications Session Report Manager>=8.0.0<=8.2.2
Oracle Communications Session Route Manager>=8.0.0<=8.2.2
maven/org.apache.activemq:activemq-parent<5.15.14
and 1 more
CVE-2020-5421
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depen...
maven/org.springframework:spring-framework-bom<4.3.29
maven/org.springframework:spring-framework-bom>=5.0.0<=5.0.18
maven/org.springframework:spring-framework-bom>=5.1.0<=5.1.17
maven/org.springframework:spring-framework-bom>=5.2.0<=5.2.8
IBM Security Directory Suite VA<=8.0.1-8.0.1.19
redhat/springframework<5.2.9
and 80 more
CVE-2020-13920
Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and cal...
redhat/Apache ActiveMQ<5.15.12
IBM Security Directory Suite VA<=8.0.1-8.0.1.19
Apache ActiveMQ<5.15.12
Oracle Communications Diameter Signaling Router>=8.0.0<=8.2.2
Oracle FLEXCUBE Private Banking=12.0.0
Oracle FLEXCUBE Private Banking=12.1.0
and 2 more
CVE-2020-1941
Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the admin GUI. A remote attacker could exploit this vulnerability using a specially-craft...
IBM Security Directory Suite VA<=8.0.1-8.0.1.19
Apache ActiveMQ>=5.0.0<=5.15.11
Oracle Communications Diameter Signaling Router>=8.0.0<=8.2.2
Oracle Communications Element Manager=8.1.1
Oracle Communications Element Manager=8.2.0
Oracle Communications Element Manager=8.2.1
and 10 more
CVE-2015-7559
Apache ActiveMQ client is vulnerable to a denial of service, caused by a remote shutdown command in the ActiveMQConnection class. By sending a specific command, a remote authenticated attacker could e...
IBM Security Directory Suite VA<=8.0.1-8.0.1.19
Apache ActiveMQ<5.14.5
Apache ActiveMQ>=5.15.0<5.15.5
Redhat Jboss A-mq=6.2.1
Redhat Jboss A-mq=6.3
Redhat Jboss Fuse=6.3
and 1 more
CVE-2019-0227
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversi...
Apache Axis=1.4
Oracle Agile Engineering Data Management=6.2.1.0
Oracle Agile Product Lifecycle Management Framework=9.3.3
Oracle Application Testing Suite=13.2.0.1
Oracle Application Testing Suite=13.3.0.1
Oracle Big Data Discovery=1.6
and 76 more
CVE-2019-0222
Apache ActiveMQ is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted MQTT frame, a remote attacker could exploit this vulnerability to cause a deni...
IBM Security Directory Suite VA<=8.0.1-8.0.1.19
redhat/activemq<5.15.9
maven/org.apache.activemq:activemq-client>=5.0.0<5.15.9
debian/activemq
debian/mqtt-client
ubuntu/mqtt-client<1.14-1ubuntu0.18.04.1~
and 15 more
CVE-2018-8006
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cau...
IBM Security Directory Suite VA<=8.0.1-8.0.1.19
Apache ActiveMQ>=5.0.0<=5.15.5
maven/org.apache.activemq:activemq-web-console>=5.0.0<5.15.6
CVE-2018-11775
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client a...
maven/org.apache.activemq:activemq-client<5.15.6
IBM Security Directory Suite VA<=8.0.1-8.0.1.19
Apache ActiveMQ<5.15.6
Oracle Enterprise Repository=12.1.3.0.0
Oracle FLEXCUBE Private Banking=2.0.0.0
Oracle FLEXCUBE Private Banking=2.2.0.1
and 3 more
CVE-2018-8032
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
Apache Axis>=1.0<=1.4
Oracle Agile Engineering Data Management=6.2.1.0
Oracle Agile Product Lifecycle Management Framework=9.3.3
Oracle Application Testing Suite=13.2.0.1
Oracle Application Testing Suite=13.3.0.1
Oracle Big Data Discovery=1.6
and 73 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203