CVE-2015-1972

CWE-200Information Exposure4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.3%
top 43.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Tivoli Directory Server
Timeline
PublishedJun 28
Latest updateMay 17

Description

IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain sensitive error-log information via a crafted POST request.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDibm/tivoli_directory_server6 versions+5

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-6244-q3jq-rx84: IBM Tivoli Security Directory Server 62022-05-17
CVEList
CVE-2015-1972: IBM Tivoli Security Directory Server 62015-06-28

💥Exploits & PoCs

1
Exploit-DB
Wireshark - my_dgt_tbcd_unpack Static Buffer Overflow2015-12-16
CVE-2015-1972 (MEDIUM CVSS 4.3) | IBM Tivoli Security Directory Serve | cvebase.io