Описание
IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remote attackers to obtain sensitive information via a crafted URL.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:tivoli_directory_server:6.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.2:*:*:*:*:*:*:*
EPSS
Процентиль: 56%
0.00342
Низкий
5 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
больше 3 лет назад
IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remote attackers to obtain sensitive information via a crafted URL.
EPSS
Процентиль: 56%
0.00342
Низкий
5 Medium
CVSS2
Дефекты
CWE-287