CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
26.4%
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) does not properly handle the ibm-auditAttributesOnGroupEvalOp setting for auditing of extended operations, which might allow attackers to obtain sensitive information by reading the audit log.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | tivoli_directory_server | 5.2.0 | cpe:2.3:a:ibm:tivoli_directory_server:5.2.0:*:*:*:*:*:*:* |
ibm | tivoli_directory_server | 5.2.0.4 | cpe:2.3:a:ibm:tivoli_directory_server:5.2.0.4:*:*:*:*:*:*:* |
ibm | tivoli_directory_server | 6.0 | cpe:2.3:a:ibm:tivoli_directory_server:6.0:*:*:*:*:*:*:* |
ibm | tivoli_directory_server | 6.0.0.0 | cpe:2.3:a:ibm:tivoli_directory_server:6.0.0.0:*:*:*:*:*:*:* |
ibm | tivoli_directory_server | 6.0.0.1 | cpe:2.3:a:ibm:tivoli_directory_server:6.0.0.1:*:*:*:*:*:*:* |
ibm | tivoli_directory_server | 6.0.0.7 | cpe:2.3:a:ibm:tivoli_directory_server:6.0.0.7:*:*:*:*:*:*:* |
ibm | tivoli_directory_server | 6.0.0.8 | cpe:2.3:a:ibm:tivoli_directory_server:6.0.0.8:*:*:*:*:*:*:* |
ibm | tivoli_directory_server | 6.0.0.14 | cpe:2.3:a:ibm:tivoli_directory_server:6.0.0.14:*:*:*:*:*:*:* |
ibm | tivoli_directory_server | 6.0.0.19 | cpe:2.3:a:ibm:tivoli_directory_server:6.0.0.19:*:*:*:*:*:*:* |
ibm | tivoli_directory_server | 6.0.0.33 | cpe:2.3:a:ibm:tivoli_directory_server:6.0.0.33:*:*:*:*:*:*:* |
secunia.com/advisories/44184
securitytracker.com/id?1025358
www.ibm.com/support/docview.wss?uid=swg1IO14023
www.ibm.com/support/docview.wss?uid=swg1IO14025
www.ibm.com/support/docview.wss?uid=swg1IO14028
www.ibm.com/support/docview.wss?uid=swg1IO14043
www.ibm.com/support/docview.wss?uid=swg1IO14044
www.ibm.com/support/docview.wss?uid=swg21496086
www.ibm.com/support/docview.wss?uid=swg24029659
www.ibm.com/support/docview.wss?uid=swg24029660
www.ibm.com/support/docview.wss?uid=swg24029661
www.ibm.com/support/docview.wss?uid=swg24029663
www.ibm.com/support/docview.wss?uid=swg24029672
exchange.xforce.ibmcloud.com/vulnerabilities/66712