CVE-2008-7289

CWE-20 — Improper Input Validation3 documents3 sources

Severity

4.0MEDIUM

EPSS

0.4%

top 41.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Directory Server

Timeline

PublishedApr 21

Latest updateMay 17

Description

IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 does not properly handle the simultaneous changing of multiple passwords, which makes it easier for remote authenticated users to cause a denial of service (DB2 daemon deadlock) by making password changes that trigger updates to a DB2 password-history table.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/tivoli_directory_server5.2.0, 5.2.0.4+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-vm34-5fj4-jh3w: IBM Tivoli Directory Server (TDS) 5↗2022-05-17

▶

CVEList

CVE-2008-7289: IBM Tivoli Directory Server (TDS) 5↗2011-04-21

▶