Information Disclosure in IBM Tivoli Directory Server Web Administration Tool
CVE-2011-2758

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Directory Server
Vendor: CVE Published:; 17 July 2011

What is CVE-2011-2758?

The Web Administration Tool in IBM Tivoli Directory Server (TDS) version 6.2 prior to 6.2.0.3-TIV-ITDS-IF0004 lacks authentication controls, enabling unauthorized remote attackers to access sensitive LDAP server log files through specially crafted URLs. This security oversight can lead to the exposure of critical user information and sensitive configurations, making it imperative for organizations to apply the recommended updates promptly.

References

http://secunia.com/advisories/45107

third-party-advisoryx_refsource_SECUNIA

http://www.ibm.com/support/docview.wss?uid=swg24030320

x_refsource_CONFIRM

http://www.ibm.com/support/docview.wss?uid=swg1IO14060

vendor-advisoryx_refsource_AIXAPAR

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 17, 2011