Web Administration tool is shipped with IBM Tivoli / Security Directory Server. It is susceptible to a path traversal issue.
CVEID: CVE-2015-1977**
DESCRIPTION:** IBM Security Directory Server could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/…/) to view arbitrary files on the system.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103696 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
IBM Tivoli Directory Server Version 6.1.0.73 and earlier
IBM Tivoli Directory Server Version 6.2.0.49 and earlier
IBM Tivoli Directory Server Version 6.3.0.42 and earlier
IBM Security Directory Server Version 6.3.1.17 and earlier
IBM Security Directory Server Version 6.4.0.8 and earlier
ITDS 6.1
| 6.1.0.74-ISS-ISDS-IF0074
—|—
ITDS 6.2 | 6.2.0.50-ISS-ISDS-IF0050
ITDS 6.3| 6.3.0.43-ISS-ISDS-IF0043
ISDS 6.3.1| 6.3.1.18-ISS-ISDS-IF0018
ISDS 6.4| 6.4.0.9-ISS-ISDS-IF0009
None