Security Directory Server
CVE-2015-1976
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash.
AnalysisAI
IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-284. IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash. Affected products include: Ibm Security Directory Server, Ibm Tivoli Directory Server.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Security Directory Server
View allIBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect at
IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM Security Directory Server (ISDS) and Tivoli Direc
Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-I
IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to bru
IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attacke
IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulner
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cros
IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. Rated medium severity (CVSS 5
Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today