IBM Security Verify Directory

IBM Verify Dir Cont v10.x Local Priv Escalation via Unnecessary Privileges
CVE-2025-1411 7.8 - High - June 15, 2025

IBM Security Verify Directory Container 10.0.0.0 through 10.0.3.1 could allow a local user to execute commands as root due to execution with unnecessary privileges.

Execution with Unnecessary Privileges

IBM Security Verify Directory <=10.0.3 Authenticated Remote Command Execution
CVE-2024-51450 8.8 - High - February 06, 2025

IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

Shell injection

Denial of Service in IBM Security Verify Directory 10.0-10.0.3 via LDAP extended operation
CVE-2024-45650 7.5 - High - January 31, 2025

IBM Security Verify Directory 10.0 through 10.0.3 is vulnerable to a denial of service when sending an LDAP extended operation.

Improper Check for Unusual or Exceptional Conditions

IBM Verify Dir 10.0.0 Remote Info Exposure via Detailed Error Msg
CVE-2022-32756 2.7 - Low - March 22, 2024

IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 228507.

Generation of Error Message Containing Sensitive Information

IBM Verify Directory 10.0.0 XSS in Web UI
CVE-2022-32754 4.8 - Medium - March 22, 2024

IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228445.

XSS

IBM Verify Dir 10.0.0 Weak Crypto Enables Decryption
CVE-2022-32753 6.5 - Medium - March 22, 2024

IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444.

Inadequate Encryption Strength

IBM Security Verify Directory 10.0.0 Info Disclosure in Directory Metadata
CVE-2022-32751 5.3 - Medium - March 22, 2024

IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437.

IBM Security Dir Server 6.4.0 HSTS Misconfig Remote Info Disclosure
CVE-2022-33161 5.9 - Medium - October 14, 2023

IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569.

Missing Encryption of Sensitive Data

XXE in IBM Security Directory Server 6.4.0 (Fixed in 6.4.1)
CVE-2022-32755 9.1 - Critical - October 14, 2023

IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505.

XXE