CVE-2011-1822

CWE-255 | 5 documents | 4 sources
Severity
2.1 LOW
EPSS
0.1%
top 84.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 21
Latest update: May 17

Description

The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitive information by reading this log.

CVSS vector

AV:L/AC:L/C:P/I:N/A:N
Exploitability: 3.9 | Impact: 2.9

Affected Packages (1 package)

NVD: ibm/tivoli_directory_server 5.2.0, 5.2.0.4 +1

Patches

Vulnerability Details (2)

GHSA
GHSA-37mj-2pf9-8q24: The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5 | 2022-05-17
CVEList
CVE-2011-1822: The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5 | 2011-04-21

Community (2)

Bugzilla
CVE-2011-4580 JBoss Enterprise Portal Platform: Multiple XSS flaws | 2011-12-07
Bugzilla
CVE-2011-2941 JBoss Enterprise Portal Platform: open URL redirect | 2011-08-22
CVE-2011-1822 (LOW CVSS 2.1) | The LDAP_ADD implementation in IBM | cvebase.io