IBM Tivoli Directory Server vulnerabilities

43 known vulnerabilities affecting ibm/tivoli_directory_server.

Total CVEs: 43
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 34, LOW 4

Vulnerabilities

Page 1 of 3
CVE-2015-1975 | HIGH | CVSS 7.8 | v6.0, v6.1.0, +4 more | 2018-04-03
CVE-2015-1975 [HIGH] CWE-74: The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. IBM X-Force ID: 103694.
nvd
CVE-2015-1976 | MEDIUM | CVSS 5.5 | ≥ 6.0, ≤ 6.0.0.77; ≥ 6.1.0, ≤ 6.1.0.72; +2 more | 2017-02-08
CVE-2015-1976 [MEDIUM] CWE-284: IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash.
nvd
CVE-2015-1977 | HIGH | CVSS 7.5 | v6.2.0, v6.2.0.0, +160 more | 2016-07-15
CVE-2015-1977 [HIGH] CWE-200: Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers
nvd
CVE-2015-1972 | MEDIUM | CVSS 4.3 | v6.0, v6.1.0, +4 more | 2015-06-28
CVE-2015-1972 [MEDIUM] CWE-200: IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain sensitive error-log information via a crafted POST request.
nvd
CVE-2015-1959 | MEDIUM | CVSS 4.6 | v6.0, v6.1.0, +4 more | 2015-06-28
CVE-2015-1959 [MEDIUM] CWE-284: IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted files, which allows local users to obtain sensitive information or possibly have unspecified other impact via a (1) download or (2) upload action.
nvd
CVE-2015-1974 | MEDIUM | CVSS 6.5 | v6.0, v6.1.0, +4 more | 2015-06-28
CVE-2015-1974 [MEDIUM] CWE-264: The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote authenticated users to bypass intended command restrictions via unspecified vectors.
nvd
CVE-2015-1978 | MEDIUM | CVSS 4.3 | v6.0, v6.1.0, +4 more | 2015-06-28
CVE-2015-1978 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2015-2019 | LOW | CVSS 2.1 | v6.0, v6.1.0, +4 more | 2015-06-28
CVE-2015-2019 [LOW] CWE-17: IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not prevent caching of documents retrieved in SSL sessions, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
nvd
CVE-2015-0138 | MEDIUM | CVSS 4.3 | ≤ 6.0.0.73, v6.1.0, +138 more | 2015-03-25
CVE-2015-0138 [MEDIUM] CWE-310: GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remo
nvd
CVE-2014-6100 | LOW | CVSS 3.5 | v6.1.0, v6.1.0.0, +73 more | 2014-10-19
CVE-2014-6100 [LOW] CWE-79: Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a cra
nvd
CVE-2012-0743 | MEDIUM | CVSS 5.0 | ≤ 6.3.0, v3.2.2, +17 more | 2012-04-22
CVE-2012-0743 [MEDIUM] CWE-399: IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request.
nvd
CVE-2012-0726 | MEDIUM | CVSS 6.4 | ≤ 6.3.0, v3.2.2, +17 more | 2012-04-22
CVE-2012-0726 [MEDIUM] CWE-310: The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol.
nvd
CVE-2012-0740 | MEDIUM | CVSS 4.3 | v6.2, v6.2.0.19, +7 more | 2012-04-22
CVE-2012-0740 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2011-2759 | MEDIUM | CVSS 5.0 | v6.2, v6.2.0.0, +2 more | 2011-07-17
CVE-2011-2759 [MEDIUM] CWE-200: The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
nvd
CVE-2011-2758 | MEDIUM | CVSS 5.0 | v6.2, v6.2.0.0, +2 more | 2011-07-17
CVE-2011-2758 [MEDIUM] CWE-287: IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remote attackers to obtain sensitive information via a crafted URL.
nvd
CVE-2011-1206 | CRITICAL | CVSS 10.0 | PoC | v5.2.0, v5.2.0.4, +82 more | 2011-04-21
CVE-2011-1206 [CRITICAL] CWE-119: Stack-based buffer overflow in the server process in ibmslapd.exe in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) allows
nvd
CVE-2010-4786 | MEDIUM | CVSS 4.0 | v6.0, v6.0.0.0, +19 more | 2011-04-21
CVE-2010-4786 [MEDIUM] CWE-399: IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV-ITDS-IF0005) allows remote authenticated users to cause a denial of service (daemon crash or hang) via a paged search, as demonstrated by a certain idsldapsearch command, related to an improper ibm-slapdIdleTimeOut configuration setting.
nvd
CVE-2008-7290 | MEDIUM | CVSS 4.0 | v5.2.0, v5.2.0.4 | 2011-04-21
CVE-2008-7290 [MEDIUM] CWE-399: Memory leak in the ldap_explode_rdn API function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 allows remote authenticated users to cause a denial of service (memory consumption) by making many function calls.
nvd
CVE-2010-4787 | MEDIUM | CVSS 4.0 | v6.0, v6.0.0.0, +19 more | 2011-04-21
CVE-2010-4787 [MEDIUM] CWE-399: IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV-ITDS-IF0005) allows remote authenticated users to cause a denial of service (daemon hang) via a paged search that triggers improper mutex processing.
nvd
CVE-2009-5072 | MEDIUM | CVSS 4.0 | v6.0, v6.0.0.0, +17 more | 2011-04-21
CVE-2009-5072 [MEDIUM] CWE-399: Memory leak in the ldap_explode_dn function in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.61 (aka 6.0.0.8-TIV-ITDS-IF0003) allows remote authenticated users to cause a denial of service (memory consumption) via an empty string argument.
nvd