Command Restriction Bypass in IBM Tivoli Security Directory Server
CVE-2015-1974

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Directory Server
Vendor: CVE Published:; 28 June 2015

Summary

The web administration interface of IBM Tivoli Security Directory Server prior to the specified iFix versions contains a vulnerability that enables remote authenticated users to circumvent intended command restrictions. This could allow them to execute commands that are normally restricted, potentially leading to unauthorized access and actions within the server environment. Organizations using affected versions should consider updating to the latest security patches to mitigate this risk.

References

http://www.securityfocus.com/bid/75438

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1032734

vdb-entryx_refsource_SECTRACK

http://www-01.ibm.com/support/docview.wss?uid=swg21960659

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 28, 2015
Vulnerability Reserved
Feb 19, 2015