Search criteria
138 vulnerabilities found for tivoli_directory_server by ibm
FKIE_CVE-2015-1975
Vulnerability from fkie_nvd - Published: 2018-04-03 22:29 - Updated: 2024-11-21 02:26
Severity ?
Summary
The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. IBM X-Force ID: 103694.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21960659 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/103717 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/103694 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21960659 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103717 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/103694 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_directory_server | 6.0 | |
| ibm | tivoli_directory_server | 6.1.0 | |
| ibm | tivoli_directory_server | 6.2.0.0 | |
| ibm | tivoli_directory_server | 6.3.0.0 | |
| ibm | tivoli_directory_server | 6.3.1.0 | |
| ibm | tivoli_directory_server | 6.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF905E9-DDA5-4369-AC6C-FD6E2573E667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06626F2E-605A-4AA0-839D-B035336453E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "653551D3-88A3-4E69-A1B1-64326BEF1F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D48029C-3455-46A6-A8CA-8013A167979B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C36D4B16-30CE-4E1F-9DCE-B06C849D5751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44FBF236-512B-4CCC-A7B2-E32E47594A4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. IBM X-Force ID: 103694."
},
{
"lang": "es",
"value": "La herramienta de administraci\u00f3n web en IBM Tivoli Security Directory Server, en versiones 6.0 anteriores a iFix 75, versiones 6.1 anteriores a iFix 68, versiones 6.2 anteriores a iFix 44 y versiones 6.3 anteriores a iFix 37 y IBM Security Directory Server, en versiones 6.3.1 anteriores a iFix 11 y 6.4 anteriores a iFix 2, permite que usuarios locales obtengan privilegios mediante vectores relacionados con una inyecci\u00f3n de argumentos. IBM X-Force ID: 103694."
}
],
"id": "CVE-2015-1975",
"lastModified": "2024-11-21T02:26:30.137",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-03T22:29:00.290",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103717"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/103694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/103694"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-1976
Vulnerability from fkie_nvd - Published: 2017-02-08 22:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21980585 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/90526 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21980585 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/90526 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | security_directory_server | * | |
| ibm | security_directory_server | * | |
| ibm | tivoli_directory_server | * | |
| ibm | tivoli_directory_server | * | |
| ibm | tivoli_directory_server | * | |
| ibm | tivoli_directory_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45BCC2A7-717C-48ED-A18D-D53DB5C5494C",
"versionEndIncluding": "6.3.1.15",
"versionStartIncluding": "6.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FED8B510-A1AD-4D44-A1A6-BFB598A7B01D",
"versionEndIncluding": "6.4.0.6",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "373090C2-BA5E-4BAA-AFB0-A8177C3A0D91",
"versionEndIncluding": "6.0.0.77",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "613173B1-55AA-4847-8874-A8A3C7478B7A",
"versionEndIncluding": "6.1.0.72",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B901486-F601-4CB5-827A-88EF84D62FAC",
"versionEndIncluding": "6.2.0.48",
"versionStartIncluding": "6.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82CE5FEE-59BA-4618-9E6B-A85C99E6C31B",
"versionEndIncluding": "6.3.0.41",
"versionStartIncluding": "6.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash."
},
{
"lang": "es",
"value": "IBM Security Directory Server podr\u00eda permitir a un usuario autenticado ejecutar comandos en la herramienta de administraci\u00f3n web que causar\u00eda la ca\u00edda de la herramienta."
}
],
"id": "CVE-2015-1976",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-08T22:59:00.150",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21980585"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/90526"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21980585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/90526"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-1977
Vulnerability from fkie_nvd - Published: 2016-07-15 18:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7165C049-258B-425D-B36B-152BBF3F8727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "653551D3-88A3-4E69-A1B1-64326BEF1F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CBAF2E5-4931-41AF-BCDA-D769B06FB05E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "98186E56-0F75-4306-9E34-A388EA2FD6C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC2A00D-4A9E-4BB7-81E6-A0D3A8434EA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0CB6BE6-C851-4C31-A016-CCD4937277D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2260260B-B69E-4B59-A0D1-1F71B92ABDFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F8BFF1C8-8AEA-43FC-B76C-F4A44A713F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E08631DE-72C4-462B-9763-41783EA8963C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "50315494-8C1B-436B-8E24-8B8CA565FB17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2759F8BC-8400-4AB1-81DD-51BD69BB720E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EEEB330D-5FC6-424B-85EF-06A56329FFEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3588C1D0-3C8F-4C7A-A7F7-94EE51FA7ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "33DE5E95-BA4A-42A2-B376-373331D9934E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "6D5D35E5-AFBE-4D90-9E89-9251C45CF0DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B87492D7-D0C6-4E4A-87B3-F44BC3149101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "262F93A7-54A6-4D06-B5D1-FF6F7740044B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "E4798A6D-E4F3-4481-B2C2-DCA4BCD97572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "FE5E8D59-79F9-46D1-A1A7-608FA49F7121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BB8B3BE0-2515-4CB1-B124-5462703CD32B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "03B735E0-B531-4684-8BF5-0540F5B8FBEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "677E05F0-F000-4C5F-83D7-7E2ED5CCB0A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "5E923364-6895-4B51-9C3F-B150EC6A541D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "5F288406-D938-415D-AD92-F8AFC7219691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "08BBE891-2D1F-485D-A509-1A851CE83111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "C6771D20-C32B-4324-89E6-387724922D37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "AC8A4729-46F8-44BE-B31C-FFB761C17D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "C87A9397-6290-4D19-8A80-0D439B5915A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CC60F206-4C09-4E06-98F5-8B4C85714803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "78F293FC-C7C7-41A3-A5B0-5203B000D41F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC09987-98C8-4395-871F-E45C9745ACD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "BAB52381-38CB-4B68-9515-019FE318CA92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "E8F3261B-9595-493A-9CFB-F3C049C570C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "EDD872AF-0478-457D-87DA-FC125378411F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD471E9-2DD0-4364-ABC2-9CFC0747A477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A40152-B83F-454A-A94E-F694512F56FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9AE73B82-CC1C-4F5D-A8D3-7AD151665B73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "5365E6BD-067B-46F8-A2F6-B46801B55FC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "6C7EA7C3-A9AE-4C55-88FC-06DA3A03766A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "18669C8F-8187-4AFF-8352-53F0BCB3250E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "4BED472B-2F14-4BA5-97A2-BE956790BCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "452BF23D-E083-431A-9D8C-601AE9E80EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "152DA7E5-A00D-4E20-AE94-AF9C0339A378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.47:*:*:*:*:*:*:*",
"matchCriteriaId": "7DDE3BFF-FB14-4021-BD99-3D4E67AFF9D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "E12F3696-BE10-414C-AABC-20678582E27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.49:*:*:*:*:*:*:*",
"matchCriteriaId": "168B8B0B-A76D-453D-8E4A-7CEE8C20CD2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5C3DDD9-9013-414E-B5EB-65F576E12778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D48029C-3455-46A6-A8CA-8013A167979B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D872267B-B01D-4723-A522-8CDF684CB980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2234E088-31ED-4BBF-94C5-131E3B0CB994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0CCF803A-86AE-4875-ABD8-2DDB44D88F56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3E505A-C749-4465-964F-0699DB9C094A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B64779-4C28-4538-8F3C-EE32152AA8AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A389475F-F043-40B7-894E-C8338EF86C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD77105-5410-474A-B42F-5CC69CB5FDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "869DB569-F140-4AD9-B230-2A5752BAEA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D5545F04-B8D1-48FB-BDAD-27E1260AEB97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A2FA81-F8D6-4255-8F55-A0B746D84691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C950A3E7-7CD2-4BB2-89B4-C708735371A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC98E9A-E879-4A28-93E9-0977F7B4C860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "EF81D730-514C-4A9A-8683-54A1AD4E8F42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "6369ACB4-475E-4349-A6C3-7B718660F65D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "2B3EEB0C-7CFC-4CB3-A177-6A59BD4A68C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B3EE13-1C01-49DD-A642-C061783D958B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B30DA3DA-82E3-4E8D-9077-66AE9B5A374F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "E70DE3A2-A6D7-4493-9182-1C0B7FBDF90F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "403A84D2-4D3E-483B-A14A-AF1CEF06B9A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B3CD94-82B3-4265-9A9E-2F008F7051E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "C0BFB392-F7EE-4448-A3AA-65E3269C1DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "2A621A28-D193-4C1B-8008-422DCE5229ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "378EB8A4-7F3A-463A-8D12-83800BC0C0E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CEFC8686-795C-455B-B411-BD56E91683CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "59568EE3-3365-4864-BAAB-CE56DE2420ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E3A04A-B6F9-4C69-8A4D-4415D10C73C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5DAFE9-F022-4240-AFDA-5B44E303F889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "4B0F83AF-9EEE-4FA6-863D-8F431A4DBE24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "0022037B-042F-4395-8B5A-551848255FE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "77594440-BB78-4131-AD83-56F88AD42DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "3EAF5D43-946F-4910-BFAD-4C8000E288B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "50F2E5AF-F403-427F-B58C-A74849DFC0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "676FED1D-BFF8-44DF-B2B7-0B450B29AD10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "9B9F7CDC-35BF-47CC-909F-CB3F76285A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C36D4B16-30CE-4E1F-9DCE-B06C849D5751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6406B436-A4C1-4936-AF73-C62DC663588A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "64144623-32F7-4FD7-AE40-875078EF6954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D0BCFF6A-7A7F-4DB7-B2AC-54A35B4F006D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "94CFDA59-051E-46C0-814A-CDE82C29B3BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1C266D-606B-47A3-898F-01D794F591E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06626F2E-605A-4AA0-839D-B035336453E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F468434-0317-435A-B2A6-5923A88A090F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E79197BC-3BDF-4F38-B63F-1B2A658B645F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B1402A-B3C3-4210-928F-6EFCCE2DE1CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "92D48F0B-C9E2-4381-8463-83FF47136EB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "36308D0C-D92C-4857-A857-097F383EE76C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A84CEB80-796F-4928-A2A0-73E604543A70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "462385FC-F345-42EE-ABF0-E1781CC648A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F10F3910-5616-41A2-A3BF-18FA4DD68631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "51C34738-5F9B-43A7-987F-EB805B31119E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA93B63-9D15-4784-8585-DBC139A382E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "55D84E30-1F23-4A6A-B622-78DBEEBEFB46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "50C9A7DF-6968-41CC-911A-B746CB43AA82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA493E1-F791-4FE5-9F7E-36CAC0D942C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F7365156-4EA3-476A-A395-FADEDF1BA80A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "321B15BC-2653-4B64-A5AE-9FCA6A08713C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "5A1B527B-E07D-4543-92A6-0EE58CB8FECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3CDBA9D2-E683-431A-B06C-5CCA55E44EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF4AFCB-755A-40E9-AB2B-4FDFD10B0388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "86556AFA-F4F5-4C29-B59D-DC5281375E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "5E16D75E-7678-48AF-AA2D-33C167ACC99E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "FBB97A26-E8A9-418C-87C9-F4837BF6680A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "AFFA6A4C-8EE2-4898-9AEB-CA5EBE4BC5E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "3922010D-4867-402C-9EC5-98FDEB281EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC6C026-A23F-4A12-BE0C-3333B9D5A0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "297D92F4-51B0-4DC0-B872-984AD0A6008F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "4B93E759-1B76-421D-9684-F6FF77A99E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "344605B3-15C9-4E36-A22B-7EBC1207A03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "F15D60CA-8B3C-48D7-A860-1B72BCA14CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "FD03B74B-E234-4757-8D98-896DEA4CED7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF9CDD0-3F78-4489-A18D-40A1FAF705F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBF6D03-9A58-477D-B5D0-030A373A58AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7636BE-22BB-44C3-B303-9780E2A24487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4E6E83-914D-467F-9EEA-56669B95CCAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "38BBCED9-4260-40DC-A9A6-40CDB09BA92E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "D297D508-ACC2-41E7-B3F5-5AEDFE3E2453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD3BA3E-E015-4CB7-B686-19F45F8221C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "90F615EC-7530-468D-B62E-B07A1FE0431B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "7E278A8E-D7B6-450C-92D6-9955B22E18C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9D85F4-1019-419D-8769-B1636385384C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D3F8DB-C145-403F-92DE-CF4D5DC83177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE3E56E-95DC-4706-9FBE-622FFA9C8092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "684BD112-7763-4901-973C-D2ABB10CCE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "311FA0A0-FACB-4A20-AA75-35EF1FF6F0D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "16C8CA71-D7A8-4841-A895-E009F3552359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "A43ECBF2-8D39-469F-8D45-B2FA44B3A9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "18ABDC8A-118C-4A35-A396-1020A9469D82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.47:*:*:*:*:*:*:*",
"matchCriteriaId": "38204AD1-BF0E-4521-9EE6-66214B4A353B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "218DD29F-18C9-489D-9273-4705BFCDE0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.49:*:*:*:*:*:*:*",
"matchCriteriaId": "3947B542-1356-4645-A792-E27DB2C07DCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "39A69967-1505-45AB-B70B-9E9C15AB6798",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AE0B38-8249-4959-B031-996EC4EE92FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "0652BE9E-5EC8-436A-A88E-4707F36C5893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "A2541DAF-6093-4411-98C6-A41F49D224D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "CCC763F0-71C3-494C-AD5D-A3389D643328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.55:*:*:*:*:*:*:*",
"matchCriteriaId": "2C19DFC0-14CC-456D-AC84-D9F634F9734F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.56:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2BE5F0-CEEB-480A-9B80-D08142659C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.57:*:*:*:*:*:*:*",
"matchCriteriaId": "540FD770-3493-4C44-A3B4-2AB307E0B472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.58:*:*:*:*:*:*:*",
"matchCriteriaId": "C5F359B1-7984-4BB8-9408-440745AFBF4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.59:*:*:*:*:*:*:*",
"matchCriteriaId": "472B5989-E033-449C-AB90-E24FE7F99125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "84B938E8-26C7-425C-AA54-081FF3EC00F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.61:*:*:*:*:*:*:*",
"matchCriteriaId": "202262F1-6CB8-4235-B5F0-00FDC6FB614D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.62:*:*:*:*:*:*:*",
"matchCriteriaId": "3FF29B53-180C-4B20-90D5-480C467F5746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.63:*:*:*:*:*:*:*",
"matchCriteriaId": "61B7FD9C-FEA9-4001-BD48-10B02B38989E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E55B351A-E773-42F0-A7EA-F1874F7BCCCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "57FB18BD-4C72-436C-85CB-06037E2CFC1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.66:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC0FD9F-A137-4AD1-8F77-58E822070D06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD21537-4540-4D74-80F9-5999A5506D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "1B343912-E222-4C9B-906A-1B3069D2231E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.69:*:*:*:*:*:*:*",
"matchCriteriaId": "A27D29E2-80FA-438C-AFE6-DEF78F79D2A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "7D28A41B-CABC-4260-BF6F-21CAE3E53244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "10C702E7-1331-4E80-9C1D-72F8629F5D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7D24D3-628A-4C33-AA03-84AB1DF41344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "F9EC9115-FBCC-4A87-B0E5-BB13C3982338",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D30CF683-05B0-4056-AD7C-B9A2278A1B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24A76D30-88CD-418A-BEA2-BAD93A892FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB4913DA-4540-46BA-A249-D635D67D829F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9602D062-F243-428F-8938-0805B9BEFB49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "189C9DEF-136A-46AB-B320-6934C313DA8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "832EE5FD-B99D-4F5F-B41E-E0893E63E0D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9F62A02C-E84B-4570-BAB6-995E423173A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D879EBF4-894C-4272-B8D9-1E5E34187BDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "50F2E7CC-C7CF-4817-857B-886961BC0811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2CA356-BF67-4B67-9355-62ED2057F534",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76D71241-E8BE-4E48-8E25-DFCC919FF5E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6207324-D4F6-4FD6-97C2-3AA3C124E6F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47D9A14A-E167-49AF-B675-B7C7933F64D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E22DDAC-4419-4214-BBB8-4984AA8F9090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AC77DA6D-55EC-4B98-9E75-57F9AD0642DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0837005C-126A-4800-A3B1-74A22F0DC617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "07D1C332-CFFA-4FA5-9BEF-673BE30E8378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "69DE7246-2030-4F00-A3B5-B9E911441449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F43466E-EF4B-48D8-A04C-90C010C895BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0D4D2984-27DA-4145-948C-6A4598AD93CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9DC7E6-AD81-4A18-89B3-BC85538F5D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2ADD2FE5-C458-49A6-B3BA-8A699AD4F67D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0A48BD98-4EF8-4DD3-9FFB-137FC6D88360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7EA5F-FA03-496A-9985-5C2216D7BF6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D1852806-44FC-4CFA-A62D-AA7DC5B53B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B1ACED89-C2B6-4DD1-A479-7D24D1BC0629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "535B9657-0138-42BA-814A-17862CBD460C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "87FE5D8D-0897-44B9-BE7A-C95F42E53A76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7319134D-22D3-4618-944A-7D2443E7839F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la herramienta Web Administration en IBM Tivoli Directory Server (ITDS) en versiones anteriores a 6.1.0.74-ISS-ISDS-IF0074, 6.2.x en versiones anteriores a 6.2.0.50-ISS-ISDS-IF0050 y 6.3.x en versiones anteriores a 6.3.0.43-ISS-ISDS-IF0043 y IBM Security Directory Server (ISDS) en versiones anteriores a 6.3.1.18-ISS-ISDS-IF0018 y 6.4.x en versiones anteriores a 6.4.0.9-ISS-ISDS-IF0009 permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de .. (punto punto) en una URL."
}
],
"id": "CVE-2015-1977",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-15T18:59:00.140",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986452"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-2019
Vulnerability from fkie_nvd - Published: 2015-06-28 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not prevent caching of documents retrieved in SSL sessions, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21960659 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/75437 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1032734 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21960659 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75437 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032734 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_directory_server | 6.0 | |
| ibm | tivoli_directory_server | 6.1.0 | |
| ibm | tivoli_directory_server | 6.2.0.0 | |
| ibm | tivoli_directory_server | 6.3.0.0 | |
| ibm | tivoli_directory_server | 6.3.1.0 | |
| ibm | tivoli_directory_server | 6.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF905E9-DDA5-4369-AC6C-FD6E2573E667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06626F2E-605A-4AA0-839D-B035336453E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "653551D3-88A3-4E69-A1B1-64326BEF1F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D48029C-3455-46A6-A8CA-8013A167979B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C36D4B16-30CE-4E1F-9DCE-B06C849D5751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44FBF236-512B-4CCC-A7B2-E32E47594A4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not prevent caching of documents retrieved in SSL sessions, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation."
},
{
"lang": "es",
"value": "IBM Tivoli Security Directory Server 6.0 en versiones anteriores a iFix 75, 6.1 en versiones anteriores a iFix 68, 6.2 en versiones anteriores a iFix 44, 6.3 en versiones anteriores a iFix 37, 6.3.1 en versiones anteriores a iFix 11 y 6.4 en versiones anteriores a iFix 2 no previene correctamente el almacenamiento en cach\u00e9 de documentos recuperados en sesiones SSL, lo que permite a atacantes fisicamente pr\u00f3ximos obtener informaci\u00f3n sensible aprovechando un puesto de trabajo desatendido."
}
],
"id": "CVE-2015-2019",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-06-28T15:59:03.843",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75437"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032734"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-17"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-1978
Vulnerability from fkie_nvd - Published: 2015-06-28 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21960659 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/75435 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1032734 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21960659 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75435 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032734 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_directory_server | 6.0 | |
| ibm | tivoli_directory_server | 6.1.0 | |
| ibm | tivoli_directory_server | 6.2.0.0 | |
| ibm | tivoli_directory_server | 6.3.0.0 | |
| ibm | tivoli_directory_server | 6.3.1.0 | |
| ibm | tivoli_directory_server | 6.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF905E9-DDA5-4369-AC6C-FD6E2573E667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06626F2E-605A-4AA0-839D-B035336453E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "653551D3-88A3-4E69-A1B1-64326BEF1F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D48029C-3455-46A6-A8CA-8013A167979B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C36D4B16-30CE-4E1F-9DCE-B06C849D5751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44FBF236-512B-4CCC-A7B2-E32E47594A4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM Tivoli Security Directory Server 6.0 anterior a iFix 75, 6.1 anterior a iFix 68, 6.2 anterior a iFix 44, 6.3 anterior a iFix 37, 6.3.1 anterior a iFix 11, y 6.4 anterior a iFix 2 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTMl a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-1978",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-06-28T15:59:02.923",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75435"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032734"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-1974
Vulnerability from fkie_nvd - Published: 2015-06-28 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote authenticated users to bypass intended command restrictions via unspecified vectors.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21960659 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/75438 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1032734 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21960659 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75438 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032734 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_directory_server | 6.0 | |
| ibm | tivoli_directory_server | 6.1.0 | |
| ibm | tivoli_directory_server | 6.2.0.0 | |
| ibm | tivoli_directory_server | 6.3.0.0 | |
| ibm | tivoli_directory_server | 6.3.1.0 | |
| ibm | tivoli_directory_server | 6.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF905E9-DDA5-4369-AC6C-FD6E2573E667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06626F2E-605A-4AA0-839D-B035336453E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "653551D3-88A3-4E69-A1B1-64326BEF1F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D48029C-3455-46A6-A8CA-8013A167979B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C36D4B16-30CE-4E1F-9DCE-B06C849D5751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44FBF236-512B-4CCC-A7B2-E32E47594A4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote authenticated users to bypass intended command restrictions via unspecified vectors."
},
{
"lang": "es",
"value": "La herramineta de administraci\u00f3n web en IBM Tivoli Security Directory Server 6.0 anterior a iFix 75, 6.1 anterior a iFix 68, 6.2 anterior a iFix 44, 6.3 anterior a iFix 37, 6.3.1 anterior a iFix 11, y 6.4 anterior a iFix 2 permite a usuarios remotos autenticados evadir las restricciones de comandos a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-1974",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-06-28T15:59:02.127",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75438"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032734"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-1972
Vulnerability from fkie_nvd - Published: 2015-06-28 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain sensitive error-log information via a crafted POST request.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21960659 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/75441 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1032734 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21960659 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75441 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032734 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_directory_server | 6.0 | |
| ibm | tivoli_directory_server | 6.1.0 | |
| ibm | tivoli_directory_server | 6.2.0.0 | |
| ibm | tivoli_directory_server | 6.3.0.0 | |
| ibm | tivoli_directory_server | 6.3.1.0 | |
| ibm | tivoli_directory_server | 6.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF905E9-DDA5-4369-AC6C-FD6E2573E667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06626F2E-605A-4AA0-839D-B035336453E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "653551D3-88A3-4E69-A1B1-64326BEF1F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D48029C-3455-46A6-A8CA-8013A167979B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C36D4B16-30CE-4E1F-9DCE-B06C849D5751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44FBF236-512B-4CCC-A7B2-E32E47594A4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain sensitive error-log information via a crafted POST request."
},
{
"lang": "es",
"value": "IBM Tivoli Security Directory Server 6.0 anterior a iFix 75, 6.1 anterior a iFix 68, 6.2 anterior a iFix 44, 6.3 anterior a iFix 37, 6.3.1 anterior a iFix 11, y 6.4 anterior a iFix 2 permite a atacantes remotos obtener informaci\u00f3n sensible de registros de error a trav\u00e9s de una solicitud POST manipulada."
}
],
"id": "CVE-2015-1972",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-06-28T15:59:01.203",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75441"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032734"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-1959
Vulnerability from fkie_nvd - Published: 2015-06-28 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted files, which allows local users to obtain sensitive information or possibly have unspecified other impact via a (1) download or (2) upload action.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_directory_server | 6.0 | |
| ibm | tivoli_directory_server | 6.1.0 | |
| ibm | tivoli_directory_server | 6.2.0.0 | |
| ibm | tivoli_directory_server | 6.3.0.0 | |
| ibm | tivoli_directory_server | 6.3.1.0 | |
| ibm | tivoli_directory_server | 6.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF905E9-DDA5-4369-AC6C-FD6E2573E667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06626F2E-605A-4AA0-839D-B035336453E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "653551D3-88A3-4E69-A1B1-64326BEF1F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D48029C-3455-46A6-A8CA-8013A167979B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C36D4B16-30CE-4E1F-9DCE-B06C849D5751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44FBF236-512B-4CCC-A7B2-E32E47594A4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted files, which allows local users to obtain sensitive information or possibly have unspecified other impact via a (1) download or (2) upload action."
},
{
"lang": "es",
"value": "IBM Tivoli Security Directory Server 6.0 anterior a iFix 75, 6.1 anterior a iFix 68, 6.2 anterior a iFix 44, 6.3 anterior a iFix 37, 6.3.1 anterior a iFix 11, y 6.4 anterior a iFix 2 no restringe correctamente los ficheros codificados, lo que permite a usuarios locales obtener informaci\u00f3n sensible o posiblemente tener otro impacto no especificado a trav\u00e9s de una acci\u00f3n (1) de descarga o (2) subida."
}
],
"id": "CVE-2015-1959",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-06-28T15:59:00.093",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/75442"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1032734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032734"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-0138
Vulnerability from fkie_nvd - Published: 2015-03-25 01:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F13D54-ED0A-4941-85E1-8C2BCF366891",
"versionEndIncluding": "6.0.0.73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06626F2E-605A-4AA0-839D-B035336453E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F468434-0317-435A-B2A6-5923A88A090F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E79197BC-3BDF-4F38-B63F-1B2A658B645F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B1402A-B3C3-4210-928F-6EFCCE2DE1CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "92D48F0B-C9E2-4381-8463-83FF47136EB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "36308D0C-D92C-4857-A857-097F383EE76C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A84CEB80-796F-4928-A2A0-73E604543A70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "462385FC-F345-42EE-ABF0-E1781CC648A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F10F3910-5616-41A2-A3BF-18FA4DD68631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "51C34738-5F9B-43A7-987F-EB805B31119E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA93B63-9D15-4784-8585-DBC139A382E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "55D84E30-1F23-4A6A-B622-78DBEEBEFB46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "50C9A7DF-6968-41CC-911A-B746CB43AA82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA493E1-F791-4FE5-9F7E-36CAC0D942C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F7365156-4EA3-476A-A395-FADEDF1BA80A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "321B15BC-2653-4B64-A5AE-9FCA6A08713C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "5A1B527B-E07D-4543-92A6-0EE58CB8FECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3CDBA9D2-E683-431A-B06C-5CCA55E44EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF4AFCB-755A-40E9-AB2B-4FDFD10B0388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "86556AFA-F4F5-4C29-B59D-DC5281375E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "5E16D75E-7678-48AF-AA2D-33C167ACC99E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "FBB97A26-E8A9-418C-87C9-F4837BF6680A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "AFFA6A4C-8EE2-4898-9AEB-CA5EBE4BC5E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "3922010D-4867-402C-9EC5-98FDEB281EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC6C026-A23F-4A12-BE0C-3333B9D5A0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "297D92F4-51B0-4DC0-B872-984AD0A6008F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "4B93E759-1B76-421D-9684-F6FF77A99E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "344605B3-15C9-4E36-A22B-7EBC1207A03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "F15D60CA-8B3C-48D7-A860-1B72BCA14CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "FD03B74B-E234-4757-8D98-896DEA4CED7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF9CDD0-3F78-4489-A18D-40A1FAF705F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBF6D03-9A58-477D-B5D0-030A373A58AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7636BE-22BB-44C3-B303-9780E2A24487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4E6E83-914D-467F-9EEA-56669B95CCAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "38BBCED9-4260-40DC-A9A6-40CDB09BA92E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "D297D508-ACC2-41E7-B3F5-5AEDFE3E2453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD3BA3E-E015-4CB7-B686-19F45F8221C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "90F615EC-7530-468D-B62E-B07A1FE0431B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "7E278A8E-D7B6-450C-92D6-9955B22E18C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9D85F4-1019-419D-8769-B1636385384C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D3F8DB-C145-403F-92DE-CF4D5DC83177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE3E56E-95DC-4706-9FBE-622FFA9C8092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "684BD112-7763-4901-973C-D2ABB10CCE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "311FA0A0-FACB-4A20-AA75-35EF1FF6F0D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "16C8CA71-D7A8-4841-A895-E009F3552359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "A43ECBF2-8D39-469F-8D45-B2FA44B3A9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "18ABDC8A-118C-4A35-A396-1020A9469D82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.47:*:*:*:*:*:*:*",
"matchCriteriaId": "38204AD1-BF0E-4521-9EE6-66214B4A353B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "218DD29F-18C9-489D-9273-4705BFCDE0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.49:*:*:*:*:*:*:*",
"matchCriteriaId": "3947B542-1356-4645-A792-E27DB2C07DCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "39A69967-1505-45AB-B70B-9E9C15AB6798",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AE0B38-8249-4959-B031-996EC4EE92FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "0652BE9E-5EC8-436A-A88E-4707F36C5893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "A2541DAF-6093-4411-98C6-A41F49D224D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "CCC763F0-71C3-494C-AD5D-A3389D643328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.55:*:*:*:*:*:*:*",
"matchCriteriaId": "2C19DFC0-14CC-456D-AC84-D9F634F9734F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.56:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2BE5F0-CEEB-480A-9B80-D08142659C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.57:*:*:*:*:*:*:*",
"matchCriteriaId": "540FD770-3493-4C44-A3B4-2AB307E0B472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.58:*:*:*:*:*:*:*",
"matchCriteriaId": "C5F359B1-7984-4BB8-9408-440745AFBF4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.59:*:*:*:*:*:*:*",
"matchCriteriaId": "472B5989-E033-449C-AB90-E24FE7F99125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "84B938E8-26C7-425C-AA54-081FF3EC00F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.61:*:*:*:*:*:*:*",
"matchCriteriaId": "202262F1-6CB8-4235-B5F0-00FDC6FB614D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.62:*:*:*:*:*:*:*",
"matchCriteriaId": "3FF29B53-180C-4B20-90D5-480C467F5746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.63:*:*:*:*:*:*:*",
"matchCriteriaId": "61B7FD9C-FEA9-4001-BD48-10B02B38989E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E55B351A-E773-42F0-A7EA-F1874F7BCCCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "57FB18BD-4C72-436C-85CB-06037E2CFC1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.66:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC0FD9F-A137-4AD1-8F77-58E822070D06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "653551D3-88A3-4E69-A1B1-64326BEF1F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CBAF2E5-4931-41AF-BCDA-D769B06FB05E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "98186E56-0F75-4306-9E34-A388EA2FD6C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC2A00D-4A9E-4BB7-81E6-A0D3A8434EA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0CB6BE6-C851-4C31-A016-CCD4937277D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2260260B-B69E-4B59-A0D1-1F71B92ABDFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F8BFF1C8-8AEA-43FC-B76C-F4A44A713F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E08631DE-72C4-462B-9763-41783EA8963C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "50315494-8C1B-436B-8E24-8B8CA565FB17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2759F8BC-8400-4AB1-81DD-51BD69BB720E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EEEB330D-5FC6-424B-85EF-06A56329FFEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3588C1D0-3C8F-4C7A-A7F7-94EE51FA7ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "33DE5E95-BA4A-42A2-B376-373331D9934E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "6D5D35E5-AFBE-4D90-9E89-9251C45CF0DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B87492D7-D0C6-4E4A-87B3-F44BC3149101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "262F93A7-54A6-4D06-B5D1-FF6F7740044B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "E4798A6D-E4F3-4481-B2C2-DCA4BCD97572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "FE5E8D59-79F9-46D1-A1A7-608FA49F7121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BB8B3BE0-2515-4CB1-B124-5462703CD32B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "03B735E0-B531-4684-8BF5-0540F5B8FBEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "677E05F0-F000-4C5F-83D7-7E2ED5CCB0A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "5E923364-6895-4B51-9C3F-B150EC6A541D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "5F288406-D938-415D-AD92-F8AFC7219691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "08BBE891-2D1F-485D-A509-1A851CE83111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "C6771D20-C32B-4324-89E6-387724922D37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "AC8A4729-46F8-44BE-B31C-FFB761C17D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "C87A9397-6290-4D19-8A80-0D439B5915A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CC60F206-4C09-4E06-98F5-8B4C85714803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "78F293FC-C7C7-41A3-A5B0-5203B000D41F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC09987-98C8-4395-871F-E45C9745ACD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "BAB52381-38CB-4B68-9515-019FE318CA92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "E8F3261B-9595-493A-9CFB-F3C049C570C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "EDD872AF-0478-457D-87DA-FC125378411F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD471E9-2DD0-4364-ABC2-9CFC0747A477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A40152-B83F-454A-A94E-F694512F56FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9AE73B82-CC1C-4F5D-A8D3-7AD151665B73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "5365E6BD-067B-46F8-A2F6-B46801B55FC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "6C7EA7C3-A9AE-4C55-88FC-06DA3A03766A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D48029C-3455-46A6-A8CA-8013A167979B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D872267B-B01D-4723-A522-8CDF684CB980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2234E088-31ED-4BBF-94C5-131E3B0CB994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0CCF803A-86AE-4875-ABD8-2DDB44D88F56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3E505A-C749-4465-964F-0699DB9C094A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B64779-4C28-4538-8F3C-EE32152AA8AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A389475F-F043-40B7-894E-C8338EF86C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD77105-5410-474A-B42F-5CC69CB5FDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "869DB569-F140-4AD9-B230-2A5752BAEA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D5545F04-B8D1-48FB-BDAD-27E1260AEB97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A2FA81-F8D6-4255-8F55-A0B746D84691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C950A3E7-7CD2-4BB2-89B4-C708735371A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC98E9A-E879-4A28-93E9-0977F7B4C860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "EF81D730-514C-4A9A-8683-54A1AD4E8F42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "6369ACB4-475E-4349-A6C3-7B718660F65D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "2B3EEB0C-7CFC-4CB3-A177-6A59BD4A68C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B3EE13-1C01-49DD-A642-C061783D958B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B30DA3DA-82E3-4E8D-9077-66AE9B5A374F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "E70DE3A2-A6D7-4493-9182-1C0B7FBDF90F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "403A84D2-4D3E-483B-A14A-AF1CEF06B9A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B3CD94-82B3-4265-9A9E-2F008F7051E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "C0BFB392-F7EE-4448-A3AA-65E3269C1DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "2A621A28-D193-4C1B-8008-422DCE5229ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "378EB8A4-7F3A-463A-8D12-83800BC0C0E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CEFC8686-795C-455B-B411-BD56E91683CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "59568EE3-3365-4864-BAAB-CE56DE2420ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E3A04A-B6F9-4C69-8A4D-4415D10C73C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5DAFE9-F022-4240-AFDA-5B44E303F889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C36D4B16-30CE-4E1F-9DCE-B06C849D5751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6406B436-A4C1-4936-AF73-C62DC663588A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "64144623-32F7-4FD7-AE40-875078EF6954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D0BCFF6A-7A7F-4DB7-B2AC-54A35B4F006D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "94CFDA59-051E-46C0-814A-CDE82C29B3BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1C266D-606B-47A3-898F-01D794F591E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204."
},
{
"lang": "es",
"value": "GSKit en IBM Tivoli Directory Server (ITDS) 6.0 anterior a 6.0.0.73-ISS-ITDS-IF0073, 6.1 anterior a 6.1.0.66-ISS-ITDS-IF0066, 6.2 anterior a 6.2.0.42-ISS-ITDS-IF0042, y 6.3 anterior a 6.3.0.35-ISS-ITDS-IF0035 e IBM Security Directory Server (ISDS) 6.3.1 anterior a 6.3.1.9-ISS-ISDS-IF0009 no restringe correctamente las transiciones de estados de TLS, lo que facilita a atacantes remotos realizar ataques de degradaci\u00f3n de cifrado sobre los cifrados EXPORT_RSA a trav\u00e9s de trafico de TLS manipulado, relacionado con el problema \u0027FREAK\u0027, una vulnerabilidad diferente a CVE-2015-0204."
}
],
"id": "CVE-2015-0138",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-03-25T01:59:17.923",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"
},
{
"source": "psirt@us.ibm.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
},
{
"source": "psirt@us.ibm.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
},
{
"source": "psirt@us.ibm.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
},
{
"source": "psirt@us.ibm.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
},
{
"source": "psirt@us.ibm.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html"
},
{
"source": "psirt@us.ibm.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html"
},
{
"source": "psirt@us.ibm.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html"
},
{
"source": "psirt@us.ibm.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html"
},
{
"source": "psirt@us.ibm.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698703"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/73326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/73326"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-6100
Vulnerability from fkie_nvd - Published: 2014-10-19 01:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76D71241-E8BE-4E48-8E25-DFCC919FF5E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47D9A14A-E167-49AF-B675-B7C7933F64D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E22DDAC-4419-4214-BBB8-4984AA8F9090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AC77DA6D-55EC-4B98-9E75-57F9AD0642DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0837005C-126A-4800-A3B1-74A22F0DC617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "07D1C332-CFFA-4FA5-9BEF-673BE30E8378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_directory_server:6.3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "69DE7246-2030-4F00-A3B5-B9E911441449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06626F2E-605A-4AA0-839D-B035336453E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F468434-0317-435A-B2A6-5923A88A090F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E79197BC-3BDF-4F38-B63F-1B2A658B645F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B1402A-B3C3-4210-928F-6EFCCE2DE1CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "92D48F0B-C9E2-4381-8463-83FF47136EB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "36308D0C-D92C-4857-A857-097F383EE76C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A84CEB80-796F-4928-A2A0-73E604543A70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "462385FC-F345-42EE-ABF0-E1781CC648A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F10F3910-5616-41A2-A3BF-18FA4DD68631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "51C34738-5F9B-43A7-987F-EB805B31119E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA93B63-9D15-4784-8585-DBC139A382E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "55D84E30-1F23-4A6A-B622-78DBEEBEFB46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "50C9A7DF-6968-41CC-911A-B746CB43AA82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA493E1-F791-4FE5-9F7E-36CAC0D942C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F7365156-4EA3-476A-A395-FADEDF1BA80A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "321B15BC-2653-4B64-A5AE-9FCA6A08713C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "5A1B527B-E07D-4543-92A6-0EE58CB8FECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3CDBA9D2-E683-431A-B06C-5CCA55E44EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF4AFCB-755A-40E9-AB2B-4FDFD10B0388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "86556AFA-F4F5-4C29-B59D-DC5281375E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "5E16D75E-7678-48AF-AA2D-33C167ACC99E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "FBB97A26-E8A9-418C-87C9-F4837BF6680A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "AFFA6A4C-8EE2-4898-9AEB-CA5EBE4BC5E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "3922010D-4867-402C-9EC5-98FDEB281EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC6C026-A23F-4A12-BE0C-3333B9D5A0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "297D92F4-51B0-4DC0-B872-984AD0A6008F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "4B93E759-1B76-421D-9684-F6FF77A99E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "344605B3-15C9-4E36-A22B-7EBC1207A03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "F15D60CA-8B3C-48D7-A860-1B72BCA14CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "FD03B74B-E234-4757-8D98-896DEA4CED7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF9CDD0-3F78-4489-A18D-40A1FAF705F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBF6D03-9A58-477D-B5D0-030A373A58AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7636BE-22BB-44C3-B303-9780E2A24487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4E6E83-914D-467F-9EEA-56669B95CCAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "38BBCED9-4260-40DC-A9A6-40CDB09BA92E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "D297D508-ACC2-41E7-B3F5-5AEDFE3E2453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD3BA3E-E015-4CB7-B686-19F45F8221C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "90F615EC-7530-468D-B62E-B07A1FE0431B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "7E278A8E-D7B6-450C-92D6-9955B22E18C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9D85F4-1019-419D-8769-B1636385384C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "A43ECBF2-8D39-469F-8D45-B2FA44B3A9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "18ABDC8A-118C-4A35-A396-1020A9469D82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.47:*:*:*:*:*:*:*",
"matchCriteriaId": "38204AD1-BF0E-4521-9EE6-66214B4A353B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "218DD29F-18C9-489D-9273-4705BFCDE0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.63:*:*:*:*:*:*:*",
"matchCriteriaId": "61B7FD9C-FEA9-4001-BD48-10B02B38989E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B5682108-A76B-443A-A172-7F17F54B5983",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7165C049-258B-425D-B36B-152BBF3F8727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "653551D3-88A3-4E69-A1B1-64326BEF1F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CBAF2E5-4931-41AF-BCDA-D769B06FB05E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "98186E56-0F75-4306-9E34-A388EA2FD6C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC2A00D-4A9E-4BB7-81E6-A0D3A8434EA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0CB6BE6-C851-4C31-A016-CCD4937277D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2260260B-B69E-4B59-A0D1-1F71B92ABDFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F8BFF1C8-8AEA-43FC-B76C-F4A44A713F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E08631DE-72C4-462B-9763-41783EA8963C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "50315494-8C1B-436B-8E24-8B8CA565FB17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2759F8BC-8400-4AB1-81DD-51BD69BB720E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EEEB330D-5FC6-424B-85EF-06A56329FFEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3588C1D0-3C8F-4C7A-A7F7-94EE51FA7ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "33DE5E95-BA4A-42A2-B376-373331D9934E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "6D5D35E5-AFBE-4D90-9E89-9251C45CF0DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B87492D7-D0C6-4E4A-87B3-F44BC3149101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "262F93A7-54A6-4D06-B5D1-FF6F7740044B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "E4798A6D-E4F3-4481-B2C2-DCA4BCD97572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "FE5E8D59-79F9-46D1-A1A7-608FA49F7121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BB8B3BE0-2515-4CB1-B124-5462703CD32B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD471E9-2DD0-4364-ABC2-9CFC0747A477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5C3DDD9-9013-414E-B5EB-65F576E12778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D48029C-3455-46A6-A8CA-8013A167979B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D872267B-B01D-4723-A522-8CDF684CB980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2234E088-31ED-4BBF-94C5-131E3B0CB994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0CCF803A-86AE-4875-ABD8-2DDB44D88F56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3E505A-C749-4465-964F-0699DB9C094A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B64779-4C28-4538-8F3C-EE32152AA8AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CEFC8686-795C-455B-B411-BD56E91683CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la interfaz del usuario de administraci\u00f3n en IBM Tivoli Directory Server 6.1 anterior a 6.1.0.64-ISS-ITDS-IF0064, 6.2 anterior a 6.2.0.39-ISS-ITDS-FP0039, y 6.3 anterior a 6.3.0.33-ISS-ITDS-IF0033, e IBM Security Directory Server 6.3.1 anterior a 6.3.1.7-ISS-ISDS-IF0007, permite a usuarios remotos autenticados inyectar secuencias de comandos web a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2014-6100",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-10-19T01:55:15.717",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/61061"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686581"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96005"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2015-1975 (GCVE-0-2015-1975)
Vulnerability from cvelistv5 – Published: 2018-04-03 22:00 – Updated: 2024-08-06 05:02
VLAI?
Summary
The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. IBM X-Force ID: 103694.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:42.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-sds-cve20151975-arg-injection(103694)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/103694"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "103717",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. IBM X-Force ID: 103694."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-12T09:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-sds-cve20151975-arg-injection(103694)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/103694"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "103717",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. IBM X-Force ID: 103694."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sds-cve20151975-arg-injection(103694)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/103694"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "103717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1975",
"datePublished": "2018-04-03T22:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:42.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1976 (GCVE-0-2015-1976)
Vulnerability from cvelistv5 – Published: 2017-02-08 22:00 – Updated: 2024-08-06 05:02
VLAI?
Summary
IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Directory Server |
Affected:
6.1
Affected: 6.2 Affected: 6.3 Affected: 6.3.1 Affected: 6.0 Affected: 6.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:42.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "90526",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90526"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21980585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Directory Server",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.4"
}
]
}
],
"datePublic": "2016-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-09T10:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "90526",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90526"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21980585"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Directory Server",
"version": {
"version_data": [
{
"version_value": "6.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.3"
},
{
"version_value": "6.3.1"
},
{
"version_value": "6.0"
},
{
"version_value": "6.4"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "90526",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90526"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21980585",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21980585"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1976",
"datePublished": "2017-02-08T22:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:42.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1977 (GCVE-0-2015-1977)
Vulnerability from cvelistv5 – Published: 2016-07-15 18:00 – Updated: 2024-08-06 05:02
VLAI?
Summary
Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:42.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986452"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-07-15T17:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986452"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21986452",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986452"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1977",
"datePublished": "2016-07-15T18:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:42.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1978 (GCVE-0-2015-1978)
Vulnerability from cvelistv5 – Published: 2015-06-28 15:00 – Updated: 2024-08-06 05:02
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:42.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75435",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75435"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75435",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75435"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032734",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032734"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75435",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75435"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1978",
"datePublished": "2015-06-28T15:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:42.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1959 (GCVE-0-2015-1959)
Vulnerability from cvelistv5 – Published: 2015-06-28 15:00 – Updated: 2024-08-06 05:02
VLAI?
Summary
IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted files, which allows local users to obtain sensitive information or possibly have unspecified other impact via a (1) download or (2) upload action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:43.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75442",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75442"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted files, which allows local users to obtain sensitive information or possibly have unspecified other impact via a (1) download or (2) upload action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75442",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75442"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted files, which allows local users to obtain sensitive information or possibly have unspecified other impact via a (1) download or (2) upload action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032734",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032734"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75442"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1959",
"datePublished": "2015-06-28T15:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:43.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2019 (GCVE-0-2015-2019)
Vulnerability from cvelistv5 – Published: 2015-06-28 15:00 – Updated: 2024-08-06 05:02
VLAI?
Summary
IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not prevent caching of documents retrieved in SSL sessions, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:42.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75437",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75437"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not prevent caching of documents retrieved in SSL sessions, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75437",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75437"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-2019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not prevent caching of documents retrieved in SSL sessions, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032734",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032734"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75437",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75437"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-2019",
"datePublished": "2015-06-28T15:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:42.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1974 (GCVE-0-2015-1974)
Vulnerability from cvelistv5 – Published: 2015-06-28 15:00 – Updated: 2024-08-06 05:02
VLAI?
Summary
The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote authenticated users to bypass intended command restrictions via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:42.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75438",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75438"
},
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote authenticated users to bypass intended command restrictions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "75438",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75438"
},
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote authenticated users to bypass intended command restrictions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75438",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75438"
},
{
"name": "1032734",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032734"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1974",
"datePublished": "2015-06-28T15:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:42.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1972 (GCVE-0-2015-1972)
Vulnerability from cvelistv5 – Published: 2015-06-28 15:00 – Updated: 2024-08-06 05:02
VLAI?
Summary
IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain sensitive error-log information via a crafted POST request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:43.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75441",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75441"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain sensitive error-log information via a crafted POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75441",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75441"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain sensitive error-log information via a crafted POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032734",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032734"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75441"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1972",
"datePublished": "2015-06-28T15:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:43.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0138 (GCVE-0-2015-0138)
Vulnerability from cvelistv5 – Published: 2015-03-25 01:00 – Updated: 2024-08-06 04:03
VLAI?
Summary
GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:09.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:1007",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html"
},
{
"name": "73326",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73326"
},
{
"name": "RHSA-2015:1006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html"
},
{
"name": "RHSA-2015:1091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698703"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
},
{
"name": "SUSE-SU-2015:1138",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
},
{
"name": "RHSA-2015:1020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html"
},
{
"name": "SUSE-SU-2015:1086",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
},
{
"name": "SUSE-SU-2015:1085",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
},
{
"name": "RHSA-2015:1021",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html"
},
{
"name": "SUSE-SU-2015:1073",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"
},
{
"name": "SUSE-SU-2015:1161",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "RHSA-2015:1007",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html"
},
{
"name": "73326",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73326"
},
{
"name": "RHSA-2015:1006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html"
},
{
"name": "RHSA-2015:1091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698703"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
},
{
"name": "SUSE-SU-2015:1138",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
},
{
"name": "RHSA-2015:1020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html"
},
{
"name": "SUSE-SU-2015:1086",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
},
{
"name": "SUSE-SU-2015:1085",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
},
{
"name": "RHSA-2015:1021",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html"
},
{
"name": "SUSE-SU-2015:1073",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"
},
{
"name": "SUSE-SU-2015:1161",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1007",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html"
},
{
"name": "73326",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73326"
},
{
"name": "RHSA-2015:1006",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html"
},
{
"name": "RHSA-2015:1091",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698703",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698703"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
},
{
"name": "SUSE-SU-2015:1138",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
},
{
"name": "RHSA-2015:1020",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html"
},
{
"name": "SUSE-SU-2015:1086",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
},
{
"name": "SUSE-SU-2015:1085",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
},
{
"name": "RHSA-2015:1021",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html"
},
{
"name": "SUSE-SU-2015:1073",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"
},
{
"name": "SUSE-SU-2015:1161",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-0138",
"datePublished": "2015-03-25T01:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:09.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6100 (GCVE-0-2014-6100)
Vulnerability from cvelistv5 – Published: 2014-10-19 01:00 – Updated: 2024-08-06 12:03
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-sds-cve20146100-xss(96005)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96005"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686581"
},
{
"name": "61061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61061"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-sds-cve20146100-xss(96005)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96005"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686581"
},
{
"name": "61061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61061"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sds-cve20146100-xss(96005)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96005"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686581",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686581"
},
{
"name": "61061",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61061"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6100",
"datePublished": "2014-10-19T01:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1975 (GCVE-0-2015-1975)
Vulnerability from nvd – Published: 2018-04-03 22:00 – Updated: 2024-08-06 05:02
VLAI?
Summary
The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. IBM X-Force ID: 103694.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:42.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-sds-cve20151975-arg-injection(103694)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/103694"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "103717",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. IBM X-Force ID: 103694."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-12T09:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-sds-cve20151975-arg-injection(103694)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/103694"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "103717",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. IBM X-Force ID: 103694."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sds-cve20151975-arg-injection(103694)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/103694"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "103717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1975",
"datePublished": "2018-04-03T22:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:42.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1976 (GCVE-0-2015-1976)
Vulnerability from nvd – Published: 2017-02-08 22:00 – Updated: 2024-08-06 05:02
VLAI?
Summary
IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Directory Server |
Affected:
6.1
Affected: 6.2 Affected: 6.3 Affected: 6.3.1 Affected: 6.0 Affected: 6.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:42.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "90526",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90526"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21980585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Directory Server",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.4"
}
]
}
],
"datePublic": "2016-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-09T10:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "90526",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90526"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21980585"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Directory Server",
"version": {
"version_data": [
{
"version_value": "6.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.3"
},
{
"version_value": "6.3.1"
},
{
"version_value": "6.0"
},
{
"version_value": "6.4"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "90526",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90526"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21980585",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21980585"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1976",
"datePublished": "2017-02-08T22:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:42.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1977 (GCVE-0-2015-1977)
Vulnerability from nvd – Published: 2016-07-15 18:00 – Updated: 2024-08-06 05:02
VLAI?
Summary
Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:42.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986452"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-07-15T17:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986452"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21986452",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986452"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1977",
"datePublished": "2016-07-15T18:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:42.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1978 (GCVE-0-2015-1978)
Vulnerability from nvd – Published: 2015-06-28 15:00 – Updated: 2024-08-06 05:02
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:42.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75435",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75435"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75435",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75435"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032734",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032734"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75435",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75435"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1978",
"datePublished": "2015-06-28T15:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:42.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1959 (GCVE-0-2015-1959)
Vulnerability from nvd – Published: 2015-06-28 15:00 – Updated: 2024-08-06 05:02
VLAI?
Summary
IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted files, which allows local users to obtain sensitive information or possibly have unspecified other impact via a (1) download or (2) upload action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:43.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75442",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75442"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted files, which allows local users to obtain sensitive information or possibly have unspecified other impact via a (1) download or (2) upload action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75442",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75442"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted files, which allows local users to obtain sensitive information or possibly have unspecified other impact via a (1) download or (2) upload action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032734",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032734"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75442"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1959",
"datePublished": "2015-06-28T15:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:43.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2019 (GCVE-0-2015-2019)
Vulnerability from nvd – Published: 2015-06-28 15:00 – Updated: 2024-08-06 05:02
VLAI?
Summary
IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not prevent caching of documents retrieved in SSL sessions, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:42.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75437",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75437"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not prevent caching of documents retrieved in SSL sessions, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75437",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75437"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-2019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not prevent caching of documents retrieved in SSL sessions, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032734",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032734"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75437",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75437"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-2019",
"datePublished": "2015-06-28T15:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:42.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1974 (GCVE-0-2015-1974)
Vulnerability from nvd – Published: 2015-06-28 15:00 – Updated: 2024-08-06 05:02
VLAI?
Summary
The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote authenticated users to bypass intended command restrictions via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:42.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75438",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75438"
},
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote authenticated users to bypass intended command restrictions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "75438",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75438"
},
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote authenticated users to bypass intended command restrictions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75438",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75438"
},
{
"name": "1032734",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032734"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1974",
"datePublished": "2015-06-28T15:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:42.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1972 (GCVE-0-2015-1972)
Vulnerability from nvd – Published: 2015-06-28 15:00 – Updated: 2024-08-06 05:02
VLAI?
Summary
IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain sensitive error-log information via a crafted POST request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:43.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75441",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75441"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain sensitive error-log information via a crafted POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75441",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75441"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain sensitive error-log information via a crafted POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032734",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032734"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name": "75441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75441"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1972",
"datePublished": "2015-06-28T15:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:43.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0138 (GCVE-0-2015-0138)
Vulnerability from nvd – Published: 2015-03-25 01:00 – Updated: 2024-08-06 04:03
VLAI?
Summary
GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:09.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:1007",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html"
},
{
"name": "73326",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73326"
},
{
"name": "RHSA-2015:1006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html"
},
{
"name": "RHSA-2015:1091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698703"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
},
{
"name": "SUSE-SU-2015:1138",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
},
{
"name": "RHSA-2015:1020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html"
},
{
"name": "SUSE-SU-2015:1086",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
},
{
"name": "SUSE-SU-2015:1085",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
},
{
"name": "RHSA-2015:1021",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html"
},
{
"name": "SUSE-SU-2015:1073",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"
},
{
"name": "SUSE-SU-2015:1161",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "RHSA-2015:1007",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html"
},
{
"name": "73326",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73326"
},
{
"name": "RHSA-2015:1006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html"
},
{
"name": "RHSA-2015:1091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698703"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
},
{
"name": "SUSE-SU-2015:1138",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
},
{
"name": "RHSA-2015:1020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html"
},
{
"name": "SUSE-SU-2015:1086",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
},
{
"name": "SUSE-SU-2015:1085",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
},
{
"name": "RHSA-2015:1021",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html"
},
{
"name": "SUSE-SU-2015:1073",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"
},
{
"name": "SUSE-SU-2015:1161",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1007",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html"
},
{
"name": "73326",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73326"
},
{
"name": "RHSA-2015:1006",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html"
},
{
"name": "RHSA-2015:1091",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698703",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698703"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
},
{
"name": "SUSE-SU-2015:1138",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
},
{
"name": "RHSA-2015:1020",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html"
},
{
"name": "SUSE-SU-2015:1086",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
},
{
"name": "SUSE-SU-2015:1085",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
},
{
"name": "RHSA-2015:1021",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html"
},
{
"name": "SUSE-SU-2015:1073",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"
},
{
"name": "SUSE-SU-2015:1161",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-0138",
"datePublished": "2015-03-25T01:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:09.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6100 (GCVE-0-2014-6100)
Vulnerability from nvd – Published: 2014-10-19 01:00 – Updated: 2024-08-06 12:03
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-sds-cve20146100-xss(96005)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96005"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686581"
},
{
"name": "61061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61061"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-sds-cve20146100-xss(96005)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96005"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686581"
},
{
"name": "61061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61061"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sds-cve20146100-xss(96005)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96005"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686581",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686581"
},
{
"name": "61061",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61061"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6100",
"datePublished": "2014-10-19T01:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}