3 results (0.029 seconds)

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

08 Feb 2017 — IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash. IBM Security Directory Server podría permitir a un usuario autenticado ejecutar comandos en la herramienta de administración web que causaría la caída de la herramienta. • http://www.ibm.com/support/docview.wss?uid=swg21980585 • CWE-284: Improper Access Control •

CVSS: 7.5EPSS: 0%CPEs: 191EXPL: 0

15 Jul 2016 — Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. Vulnerabilidad de salto de directorio en la herramienta Web Administration en IBM Tivoli Directory Serve... • http://www-01.ibm.com/support/docview.wss?uid=swg21986452 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.4EPSS: 0%CPEs: 82EXPL: 0

19 Oct 2014 — Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la interfaz del usuario de administración en IBM Tivoli Directory Server 6.1 anterior a 6.1.0.64-ISS-ITDS-IF0064, 6.2 an... • http://secunia.com/advisories/61061 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •