Описание
IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted files, which allows local users to obtain sensitive information or possibly have unspecified other impact via a (1) download or (2) upload action.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:tivoli_directory_server:6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_directory_server:6.4.0:*:*:*:*:*:*:*
EPSS
Процентиль: 15%
0.00049
Низкий
4.6 Medium
CVSS2
Дефекты
CWE-284
Связанные уязвимости
github
больше 3 лет назад
IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted files, which allows local users to obtain sensitive information or possibly have unspecified other impact via a (1) download or (2) upload action.
EPSS
Процентиль: 15%
0.00049
Низкий
4.6 Medium
CVSS2
Дефекты
CWE-284