CVE-2011-1820

CWE-200 — Information Exposure3 documents3 sources

Severity

1.7LOW

EPSS

0.1%

top 79.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Directory Server

Timeline

PublishedApr 21

Latest updateMay 17

Description

IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) does not properly handle the ibm-auditAttributesOnGroupEvalOp setting for auditing of extended operations, which might allow attackers to obtain sensitive information by reading the audit log.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.1 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/tivoli_directory_server84 versions+83

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-hc92-928v-m6vq: IBM Tivoli Directory Server (TDS) 5↗2022-05-17

▶

CVEList

CVE-2011-1820: IBM Tivoli Directory Server (TDS) 5↗2011-04-21

▶