CVE-2015-1959

CWE-284Improper Access Control3 documents3 sources
Severity
4.6MEDIUM
EPSS
0.0%
top 84.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Tivoli Directory Server
Timeline
PublishedJun 28
Latest updateMay 17

Description

IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted files, which allows local users to obtain sensitive information or possibly have unspecified other impact via a (1) download or (2) upload action.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

NVDibm/tivoli_directory_server6 versions+5

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-wx88-xjww-5rhv: IBM Tivoli Security Directory Server 62022-05-17
CVEList
CVE-2015-1959: IBM Tivoli Security Directory Server 62015-06-28
CVE-2015-1959 (MEDIUM CVSS 4.6) | IBM Tivoli Security Directory Serve | cvebase.io