XSS Vulnerability in IBM Tivoli Directory Server and IBM Security Directory Server
CVE-2014-6100

Currently unrated

Key Information:

Vendor: IBM
Status: Security Directory Server; Tivoli Directory Server
Vendor: CVE Published:; 19 October 2014

Summary

A cross-site scripting vulnerability exists within the Admin UI of IBM Tivoli Directory Server and IBM Security Directory Server, allowing remote authenticated users to exploit the issue by injecting arbitrary web scripts or HTML through specially crafted URLs. This can lead to unauthorized actions or compromise user sessions, making it crucial for organizations to address this security gap to protect against potential data breaches.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/96005

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21686581

x_refsource_CONFIRM

http://secunia.com/advisories/61061

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Oct 19, 2014
Vulnerability Reserved
Sep 2, 2014