CVE-2010-4788 — Improper Input Validation in IBM Tivoli Directory Server

CWE-20 — Improper Input Validation3 documents3 sources

Severity

4.0MEDIUMNVD

EPSS

0.4%

top 41.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Directory Server

Timeline

PublishedApr 21

Latest updateMay 17

Description

IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) does not perform certain locking of linked-list access, which allows remote authenticated users to cause a denial of service (daemon crash) via a paged search.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/tivoli_directory_server20 versions+19

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-69h2-hw9q-gmjj: IBM Tivoli Directory Server (TDS) 6↗2022-05-17

▶

CVEList

CVE-2010-4788: IBM Tivoli Directory Server (TDS) 6↗2011-04-21

▶