Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM1B4B04DBBD4FDF067FEC1DDEF727C5DE4C9A91BAA030D999A957C1DDB9DB2042
HistoryOct 01, 2019 - 9:12 a.m.

Security Bulletin: Multiple security vulnerabilities have been addressed in IBM Security Directory Server

2019-10-0109:12:41
www.ibm.com
8

EPSS

0.004

Percentile

74.4%

JSON

Summary

Multiple security vulnerabilities have been fixed and delivered in IBM Security Directory Server.

Vulnerability Details

CVEID: CVE-2019-4520
DESCRIPTION: IBM Security Directory Server uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/165178 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2019-4538
DESCRIPTION: IBM Security Directory Server could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/165660 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)

CVEID: CVE-2019-4539
DESCRIPTION: IBM Security Directory Server does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/165812 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)

CVEID: CVE-2019-4542
DESCRIPTION: IBM Security Directory Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/165815 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2019-4549
DESCRIPTION: IBM Security Directory Server discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/165951 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Security Directory Server 6.4.0

Remediation/Fixes

Affected Product / Version Fix availability
IBM Security Directory Server 6.4.0 6.4.0.19-ISS-ISDS-IF0019

Workarounds and Mitigations

None

Related

nvd 5
prion 5
cvelist 5
cve 5
nvd
nvd
CVE-2019-4549
2019-10-02 15:15:10
CVE-2019-4520
2019-10-02 15:15:10
CVE-2019-4542
2019-10-02 15:15:10
prion
prion
Information disclosure
2019-10-02 15:15:00
Code injection
2019-10-02 15:15:00
Cross site scripting
2019-10-02 15:15:00
cvelist
cvelist
CVE-2019-4549
2019-10-02 14:45:30
CVE-2019-4520
2019-10-02 14:45:28
CVE-2019-4539
2019-10-02 14:45:29
cve
cve
CVE-2019-4549
2019-10-02 15:15:10
CVE-2019-4520
2019-10-02 15:15:10
CVE-2019-4542
2019-10-02 15:15:10

EPSS

0.004

Percentile

74.4%

JSON
Related for 1B4B04DBBD4FDF067FEC1DDEF727C5DE4C9A91BAA030D999A957C1DDB9DB2042
nvd5prion5cvelist5cve5