Directory Traversal Vulnerability in IBM Tivoli Directory Server and IBM Security Directory Server
CVE-2015-1977

7.5HIGH

Key Information:

Vendor: IBM
Status: Tivoli Directory Server
Vendor: CVE Published:; 15 July 2016

Summary

A directory traversal vulnerability exists in IBM Tivoli Directory Server and IBM Security Directory Server, allowing remote attackers to exploit the Web Administration tool. By manipulating URL parameters with '..', attackers can access arbitrary files on the server. This security issue impacts multiple versions of both servers and poses significant risks, as unauthorized file access could lead to the exposure of sensitive information. System administrators should ensure their products are updated to prevent potential breaches.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21986452

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2016
Vulnerability Reserved
Feb 19, 2015