Lucene search

IbmCVE-2012-0740

HistoryApr 22, 2012 - 6:55 p.m.

CVE-2012-0740

2012-04-2218:55:03

CWE-79

ibm

web.nvd.nist.gov

ibm

tivoli directory server

tds

xss

vulnerability

web script

html

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

64.8%

JSON

Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

ibmtivoli_directory_serverMatch6.2

ibmtivoli_directory_serverMatch6.2.0.19

ibmtivoli_directory_serverMatch6.2.0.20

ibmtivoli_directory_serverMatch6.2.0.21

ibmtivoli_directory_serverMatch6.3.0

ibmtivoli_directory_serverMatch6.3.0.0

ibmtivoli_directory_serverMatch6.3.0.8

ibmtivoli_directory_serverMatch6.3.0.9

ibmtivoli_directory_serverMatch6.3.0.10

VendorProductVersionCPE
ibmtivoli_directory_server6.2cpe:2.3:a:ibm:tivoli_directory_server:6.2:*:*:*:*:*:*:*
ibmtivoli_directory_server6.2.0.19cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.19:*:*:*:*:*:*:*
ibmtivoli_directory_server6.2.0.20cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.20:*:*:*:*:*:*:*
ibmtivoli_directory_server6.2.0.21cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.21:*:*:*:*:*:*:*
ibmtivoli_directory_server6.3.0cpe:2.3:a:ibm:tivoli_directory_server:6.3.0:*:*:*:*:*:*:*
ibmtivoli_directory_server6.3.0.0cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*
ibmtivoli_directory_server6.3.0.8cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.8:*:*:*:*:*:*:*
ibmtivoli_directory_server6.3.0.9cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.9:*:*:*:*:*:*:*
ibmtivoli_directory_server6.3.0.10cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	tivoli_directory_server	6.2	cpe:2.3:a:ibm:tivoli_directory_server:6.2:::::::*
ibm	tivoli_directory_server	6.2.0.19	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.19:::::::*
ibm	tivoli_directory_server	6.2.0.20	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.20:::::::*
ibm	tivoli_directory_server	6.2.0.21	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.21:::::::*
ibm	tivoli_directory_server	6.3.0	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0:::::::*
ibm	tivoli_directory_server	6.3.0.0	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:::::::*
ibm	tivoli_directory_server	6.3.0.8	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.8:::::::*
ibm	tivoli_directory_server	6.3.0.9	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.9:::::::*
ibm	tivoli_directory_server	6.3.0.10	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.10:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg24032290

www-01.ibm.com/support/docview.wss?uid=swg24032291

www.ibm.com/support/docview.wss?uid=swg1IO14508

www.ibm.com/support/docview.wss?uid=swg1IO16016

www.securitytracker.com/id?1026880

exchange.xforce.ibmcloud.com/vulnerabilities/74610

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

64.8%

JSON

Related for CVE-2012-0740