
CVE-2015-1975
https://notcve.org/view.php?id=CVE-2015-1975
03 Apr 2018 — The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. IBM X-Force ID: 103694. • http://www-01.ibm.com/support/docview.wss?uid=swg21960659 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVE-2015-1976
https://notcve.org/view.php?id=CVE-2015-1976
08 Feb 2017 — IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash. • http://www.ibm.com/support/docview.wss?uid=swg21980585 • CWE-284: Improper Access Control

CVE-2015-1977
https://notcve.org/view.php?id=CVE-2015-1977
15 Jul 2016 — Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. • http://www-01.ibm.com/support/docview.wss?uid=swg21986452 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2015-1959
https://notcve.org/view.php?id=CVE-2015-1959
28 Jun 2015 — IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted files, which allows local users to obtain sensitive information or possibly have unspecified other impact via a (1) download or (2) upload action. • http://www-01.ibm.com/support/docview.wss?uid=swg21960659 • CWE-284: Improper Access Control

CVE-2015-1972
https://notcve.org/view.php?id=CVE-2015-1972
28 Jun 2015 — IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain sensitive error-log information via a crafted POST request. • http://www-01.ibm.com/support/docview.wss?uid=swg21960659 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2015-1974
https://notcve.org/view.php?id=CVE-2015-1974
28 Jun 2015 — The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote authenticated users to bypass intended command restrictions via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg21960659 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2015-1978
https://notcve.org/view.php?id=CVE-2015-1978
28 Jun 2015 — Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg21960659 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-2019
https://notcve.org/view.php?id=CVE-2015-2019
28 Jun 2015 — IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not prevent caching of documents retrieved in SSL sessions, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. • http://www-01.ibm.com/support/docview.wss?uid=swg21960659 • CWE-17: DEPRECATED: Code

CVE-2015-0138 – JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites (FREAK)
https://notcve.org/view.php?id=CVE-2015-0138
25 Mar 2015 — GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CV... • http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html • CWE-310: Cryptographic Issues • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVE-2014-6100
https://notcve.org/view.php?id=CVE-2014-6100
19 Oct 2014 — Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. • http://secunia.com/advisories/61061 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')