IBM Security Directory Server 6.4.0 Vulnerabilities

IBM has released a new security bulletin detailing a number of vulnerabilities in IBM Security Directory Server version 6.4.0. These vulnerabilities, which appear to be fixed in the 6.4.0.19-ISS-ISDS-IF0019 release, include an inadequate account lockout setting that could allow an attacker to attempt to brute-force credentials, and the potential disclosure of sensitive information to unauthorized users. There also appear to be vulnerabilities in non-LDAP components, including HTTP open redirects, incomplete XML sanitization, and a cross-site scripting vulnerability in the web-based UI.