IBM » Tivoli Directory Server » 6.2.0.41 : Security Vulnerabilities, CVEs,
Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
Max CVSS
7.5
EPSS Score
0.28%
Published
2016-07-15
Updated
2016-07-18
IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-02-08
Updated
2019-02-04
GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
Max CVSS
4.3
EPSS Score
0.49%
Published
2015-03-25
Updated
2017-01-03
IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request.
Max CVSS
5.0
EPSS Score
1.71%
Published
2012-04-22
Updated
2017-12-19
The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol.
Max CVSS
6.4
EPSS Score
0.36%
Published
2012-04-22
Updated
2017-12-19
5 vulnerabilities found