CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2015-1974
https://notcve.org/view.php?id=CVE-2015-1974
The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote authenticated users to bypass intended command restrictions via unspecified vectors. La herramineta de administración web en IBM Tivoli Security Directory Server 6.0 anterior a iFix 75, 6.1 anterior a iFix 68, 6.2 anterior a iFix 44, 6.3 anterior a iFix 37, 6.3.1 anterior a iFix 11, y 6.4 anterior a iFix 2 permite a usuarios remotos autenticados evadir las restricciones de comandos a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21960659 http://www.securityfocus.com/bid/75438 http://www.securitytracker.com/id/1032734 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.6EPSS: 0%CPEs: 6EXPL: 0CVE-2015-1959
https://notcve.org/view.php?id=CVE-2015-1959
IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted files, which allows local users to obtain sensitive information or possibly have unspecified other impact via a (1) download or (2) upload action. IBM Tivoli Security Directory Server 6.0 anterior a iFix 75, 6.1 anterior a iFix 68, 6.2 anterior a iFix 44, 6.3 anterior a iFix 37, 6.3.1 anterior a iFix 11, y 6.4 anterior a iFix 2 no restringe correctamente los ficheros codificados, lo que permite a usuarios locales obtener información sensible o posiblemente tener otro impacto no especificado a través de una acción (1) de descarga o (2) subida. • http://www-01.ibm.com/support/docview.wss?uid=swg21960659 http://www.securityfocus.com/bid/75442 http://www.securitytracker.com/id/1032734 • CWE-284: Improper Access Control •
CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2015-2019
https://notcve.org/view.php?id=CVE-2015-2019
IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not prevent caching of documents retrieved in SSL sessions, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. IBM Tivoli Security Directory Server 6.0 en versiones anteriores a iFix 75, 6.1 en versiones anteriores a iFix 68, 6.2 en versiones anteriores a iFix 44, 6.3 en versiones anteriores a iFix 37, 6.3.1 en versiones anteriores a iFix 11 y 6.4 en versiones anteriores a iFix 2 no previene correctamente el almacenamiento en caché de documentos recuperados en sesiones SSL, lo que permite a atacantes fisicamente próximos obtener información sensible aprovechando un puesto de trabajo desatendido. • http://www-01.ibm.com/support/docview.wss?uid=swg21960659 http://www.securityfocus.com/bid/75437 http://www.securitytracker.com/id/1032734 • CWE-17: DEPRECATED: Code •
CVSS: 4.3EPSS: 0%CPEs: 140EXPL: 0CVE-2015-0138 – JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites (FREAK)
https://notcve.org/view.php?id=CVE-2015-0138
GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. GSKit en IBM Tivoli Directory Server (ITDS) 6.0 anterior a 6.0.0.73-ISS-ITDS-IF0073, 6.1 anterior a 6.1.0.66-ISS-ITDS-IF0066, 6.2 anterior a 6.2.0.42-ISS-ITDS-IF0042, y 6.3 anterior a 6.3.0.35-ISS-ITDS-IF0035 e IBM Security Directory Server (ISDS) 6.3.1 anterior a 6.3.1.9-ISS-ISDS-IF0009 no restringe correctamente las transiciones de estados de TLS, lo que facilita a atacantes remotos realizar ataques de degradación de cifrado sobre los cifrados EXPORT_RSA a través de trafico de TLS manipulado, relacionado con el problema 'FREAK', una vulnerabilidad diferente a CVE-2015-0204. • http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html http://rhn.redhat.com/errata/RHSA-2015-1006.html http://rhn.redhat.com/errata/RHSA-2015-1007.html http://rhn.redhat.com&#x • CWE-310: Cryptographic Issues CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 3.5EPSS: 0%CPEs: 82EXPL: 0CVE-2014-6100
https://notcve.org/view.php?id=CVE-2014-6100
Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la interfaz del usuario de administración en IBM Tivoli Directory Server 6.1 anterior a 6.1.0.64-ISS-ITDS-IF0064, 6.2 anterior a 6.2.0.39-ISS-ITDS-FP0039, y 6.3 anterior a 6.3.0.33-ISS-ITDS-IF0033, e IBM Security Directory Server 6.3.1 anterior a 6.3.1.7-ISS-ISDS-IF0007, permite a usuarios remotos autenticados inyectar secuencias de comandos web a través de una URL manipulada. • http://secunia.com/advisories/61061 http://www-01.ibm.com/support/docview.wss?uid=swg21686581 https://exchange.xforce.ibmcloud.com/vulnerabilities/96005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •