CVE-2015-1972

2015-06-2815:59:01

CWE-200

[email protected]

web.nvd.nist.gov

cve-2015-1972

ibm tivoli

security directory server

nvd

remote attackers

sensitive information

post request

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.7%

JSON

IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain sensitive error-log information via a crafted POST request.

Affected configurations

NVD

Node

ibmtivoli_directory_serverMatch6.0

ibmtivoli_directory_serverMatch6.1.0

ibmtivoli_directory_serverMatch6.2.0.0

ibmtivoli_directory_serverMatch6.3.0.0

ibmtivoli_directory_serverMatch6.3.1.0

ibmtivoli_directory_serverMatch6.4.0

CPENameOperatorVersion
ibm:tivoli_directory_serveribm tivoli directory servereq6.0
ibm:tivoli_directory_serveribm tivoli directory servereq6.1.0
ibm:tivoli_directory_serveribm tivoli directory servereq6.2.0.0
ibm:tivoli_directory_serveribm tivoli directory servereq6.3.0.0
ibm:tivoli_directory_serveribm tivoli directory servereq6.3.1.0
ibm:tivoli_directory_serveribm tivoli directory servereq6.4.0

CPE	Name	Operator	Version
ibm:tivoli_directory_server	ibm tivoli directory server	eq	6.0
ibm:tivoli_directory_server	ibm tivoli directory server	eq	6.1.0
ibm:tivoli_directory_server	ibm tivoli directory server	eq	6.2.0.0
ibm:tivoli_directory_server	ibm tivoli directory server	eq	6.3.0.0
ibm:tivoli_directory_server	ibm tivoli directory server	eq	6.3.1.0
ibm:tivoli_directory_server	ibm tivoli directory server	eq	6.4.0