CVE-2015-1976

CWE-284 — Improper Access Control3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 89.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Directory Server IBM Tivoli Directory Server IBM Corporation Directory Server

Timeline

PublishedFeb 8

Latest updateMay 14

Description

IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDibm/security_directory_server6.3.0.0 — 6.3.1.15+1

▶NVDibm/tivoli_directory_server6.0 — 6.0.0.77+3

▶CVEListV5ibm_corporation/directory_server6 versions+5

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-88qw-c22c-3qpv: IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to cras↗2022-05-14

▶

CVEList

CVE-2015-1976: IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to cras↗2017-02-08

▶