CVE-2015-1977

Severity
7.5 HIGH
EPSS
0.2%
top 59.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 15
Latest update: May 17

Description

Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: ibm/tivoli_directory_server (162 versions, +161)
NVD: ibm/security_directory_server (29 versions, +28)

Vulnerability Details (2)
GHSA
GHSA-jw4q-fr69-67f5: Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6 (2022-05-17)
CVEList
CVE-2015-1977: Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6 (2016-07-15)