CVE-2014-6100

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

3.5LOW

EPSS

0.2%

top 59.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Directory Server IBM Tivoli Directory Server

Timeline

PublishedOct 19

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

▶NVDibm/tivoli_directory_server75 versions+74

▶NVDibm/security_directory_server7 versions+6

🔴Vulnerability Details

GHSA

GHSA-5ccr-98w8-p4gh: Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6↗2022-05-17

▶

CVEList

CVE-2014-6100: Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6↗2014-10-19

▶