CVE-2011-2759

CWE-200Information Exposure3 documents3 sources
Severity
5.0MEDIUM
EPSS
0.3%
top 51.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Tivoli Directory Server
Timeline
PublishedJul 17
Latest updateMay 17

Description

The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/tivoli_directory_server4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-xxx3-q2f4-59h7: The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 62022-05-17
CVEList
CVE-2011-2759: The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 62011-07-17
CVE-2011-2759 (MEDIUM CVSS 5) | The login page of IDSWebApp in the | cvebase.io