CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
55.3%
slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 binds using SASL EXTERNAL, which allows attackers to bypass authentication and modify and delete directory data via unknown attack vectors.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | tivoli_directory_server | 5.2.0 | cpe:2.3:a:ibm:tivoli_directory_server:5.2.0:*:*:*:*:*:*:* |
ibm | tivoli_directory_server | 6.0 | cpe:2.3:a:ibm:tivoli_directory_server:6.0:*:*:*:*:*:*:* |
secunia.com/advisories/17484
securitytracker.com/id?1015171
www-1.ibm.com/support/docview.wss?rs=767&context=SSVJJU&dc=D400&uid=swg24010819&loc=en_US&cs=UTF-8&lang=en
www-1.ibm.com/support/docview.wss?uid=isg1SSRVAIX53SECUR081510_247
www-1.ibm.com/support/docview.wss?uid=swg21222159
www-1.ibm.com/support/search.wss?rs=0&q=IO02697&apar=only
www-1.ibm.com/support/search.wss?rs=0&q=IO02714&apar=only
www.kb.cert.org/vuls/id/194753
www.osvdb.org/20672
www.securityfocus.com/bid/15367
www.vupen.com/english/advisories/2005/2356
exchange.xforce.ibmcloud.com/vulnerabilities/22989