CVE-2011-2758

CWE-287Improper Authentication3 documents3 sources
Severity
5.0MEDIUM
EPSS
0.3%
top 43.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Tivoli Directory Server
Timeline
PublishedJul 17
Latest updateMay 17

Description

IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remote attackers to obtain sensitive information via a crafted URL.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/tivoli_directory_server4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-x78w-w3vx-6qmj: IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 62022-05-17
CVEList
CVE-2011-2758: IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 62011-07-17
CVE-2011-2758 (MEDIUM CVSS 5) | IDSWebApp in the Web Administration | cvebase.io