CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
72.3%
The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | tivoli_directory_server | * | cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:* |
ibm | tivoli_directory_server | 3.2.2 | cpe:2.3:a:ibm:tivoli_directory_server:3.2.2:*:*:*:*:*:*:* |
ibm | tivoli_directory_server | 4.1 | cpe:2.3:a:ibm:tivoli_directory_server:4.1:*:*:*:*:*:*:* |
ibm | tivoli_directory_server | 5.2.0 | cpe:2.3:a:ibm:tivoli_directory_server:5.2.0:*:*:*:*:*:*:* |
ibm | tivoli_directory_server | 6.0 | cpe:2.3:a:ibm:tivoli_directory_server:6.0:*:*:*:*:*:*:* |
ibm | tivoli_directory_server | 6.0.0 | cpe:2.3:a:ibm:tivoli_directory_server:6.0.0:*:*:*:*:*:*:* |
ibm | tivoli_directory_server | 6.0.0.7 | cpe:2.3:a:ibm:tivoli_directory_server:6.0.0.7:*:*:*:*:*:*:* |
ibm | tivoli_directory_server | 6.0.0.8 | cpe:2.3:a:ibm:tivoli_directory_server:6.0.0.8:*:*:*:*:*:*:* |
ibm | tivoli_directory_server | 6.0.0.69 | cpe:2.3:a:ibm:tivoli_directory_server:6.0.0.69:*:*:*:*:*:*:* |
ibm | tivoli_directory_server | 6.1.0 | cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:* |
www-01.ibm.com/support/docview.wss?uid=swg21591272
www.ibm.com/support/docview.wss?uid=swg1IO15761
www.ibm.com/support/docview.wss?uid=swg1IO16035
www.ibm.com/support/docview.wss?uid=swg1IO16036
www.securityfocus.com/bid/53043
www.securitytracker.com/id?1026939
exchange.xforce.ibmcloud.com/vulnerabilities/74303