Lucene search

IbmCVE-2014-6100

HistoryOct 19, 2014 - 1:55 a.m.

CVE-2014-6100

2014-10-1901:55:15

CWE-79

ibm

web.nvd.nist.gov

cve

2014

6100

cross-site scripting

xss

vulnerability

ibm

tivoli directory server

security directory server

remote authenticated users

web script

html

url

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

36.6%

JSON

Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Affected configurations

Nvd

Node

ibmsecurity_directory_serverMatch6.3.1

ibmsecurity_directory_serverMatch6.3.1.1

ibmsecurity_directory_serverMatch6.3.1.2

ibmsecurity_directory_serverMatch6.3.1.3

ibmsecurity_directory_serverMatch6.3.1.4

ibmsecurity_directory_serverMatch6.3.1.5

ibmsecurity_directory_serverMatch6.3.1.6

ibmtivoli_directory_serverMatch6.1.0

ibmtivoli_directory_serverMatch6.1.0.0

ibmtivoli_directory_serverMatch6.1.0.1

ibmtivoli_directory_serverMatch6.1.0.2

ibmtivoli_directory_serverMatch6.1.0.3

ibmtivoli_directory_serverMatch6.1.0.4

ibmtivoli_directory_serverMatch6.1.0.5

ibmtivoli_directory_serverMatch6.1.0.6

ibmtivoli_directory_serverMatch6.1.0.7

ibmtivoli_directory_serverMatch6.1.0.8

ibmtivoli_directory_serverMatch6.1.0.9

ibmtivoli_directory_serverMatch6.1.0.10

ibmtivoli_directory_serverMatch6.1.0.11

ibmtivoli_directory_serverMatch6.1.0.12

ibmtivoli_directory_serverMatch6.1.0.13

ibmtivoli_directory_serverMatch6.1.0.14

ibmtivoli_directory_serverMatch6.1.0.15

ibmtivoli_directory_serverMatch6.1.0.17

ibmtivoli_directory_serverMatch6.1.0.18

ibmtivoli_directory_serverMatch6.1.0.19

ibmtivoli_directory_serverMatch6.1.0.20

ibmtivoli_directory_serverMatch6.1.0.21

ibmtivoli_directory_serverMatch6.1.0.22

ibmtivoli_directory_serverMatch6.1.0.23

ibmtivoli_directory_serverMatch6.1.0.24

ibmtivoli_directory_serverMatch6.1.0.25

ibmtivoli_directory_serverMatch6.1.0.26

ibmtivoli_directory_serverMatch6.1.0.27

ibmtivoli_directory_serverMatch6.1.0.28

ibmtivoli_directory_serverMatch6.1.0.29

ibmtivoli_directory_serverMatch6.1.0.30

ibmtivoli_directory_serverMatch6.1.0.31

ibmtivoli_directory_serverMatch6.1.0.32

ibmtivoli_directory_serverMatch6.1.0.33

ibmtivoli_directory_serverMatch6.1.0.34

ibmtivoli_directory_serverMatch6.1.0.35

ibmtivoli_directory_serverMatch6.1.0.36

ibmtivoli_directory_serverMatch6.1.0.37

ibmtivoli_directory_serverMatch6.1.0.38

ibmtivoli_directory_serverMatch6.1.0.39

ibmtivoli_directory_serverMatch6.1.0.45

ibmtivoli_directory_serverMatch6.1.0.46

ibmtivoli_directory_serverMatch6.1.0.47

ibmtivoli_directory_serverMatch6.1.0.48

ibmtivoli_directory_serverMatch6.1.0.63

ibmtivoli_directory_serverMatch6.2

ibmtivoli_directory_serverMatch6.2.0

ibmtivoli_directory_serverMatch6.2.0.0

ibmtivoli_directory_serverMatch6.2.0.1

ibmtivoli_directory_serverMatch6.2.0.2

ibmtivoli_directory_serverMatch6.2.0.3

ibmtivoli_directory_serverMatch6.2.0.4

ibmtivoli_directory_serverMatch6.2.0.5

ibmtivoli_directory_serverMatch6.2.0.6

ibmtivoli_directory_serverMatch6.2.0.7

ibmtivoli_directory_serverMatch6.2.0.8

ibmtivoli_directory_serverMatch6.2.0.10

ibmtivoli_directory_serverMatch6.2.0.11

ibmtivoli_directory_serverMatch6.2.0.12

ibmtivoli_directory_serverMatch6.2.0.13

ibmtivoli_directory_serverMatch6.2.0.14

ibmtivoli_directory_serverMatch6.2.0.15

ibmtivoli_directory_serverMatch6.2.0.19

ibmtivoli_directory_serverMatch6.2.0.20

ibmtivoli_directory_serverMatch6.2.0.21

ibmtivoli_directory_serverMatch6.2.0.22

ibmtivoli_directory_serverMatch6.2.0.38

ibmtivoli_directory_serverMatch6.3.0

ibmtivoli_directory_serverMatch6.3.0.0

ibmtivoli_directory_serverMatch6.3.0.1

ibmtivoli_directory_serverMatch6.3.0.2

ibmtivoli_directory_serverMatch6.3.0.8

ibmtivoli_directory_serverMatch6.3.0.9

ibmtivoli_directory_serverMatch6.3.0.10

ibmtivoli_directory_serverMatch6.3.0.32

VendorProductVersionCPE
ibmsecurity_directory_server6.3.1cpe:2.3:a:ibm:security_directory_server:6.3.1:*:*:*:*:*:*:*
ibmsecurity_directory_server6.3.1.1cpe:2.3:a:ibm:security_directory_server:6.3.1.1:*:*:*:*:*:*:*
ibmsecurity_directory_server6.3.1.2cpe:2.3:a:ibm:security_directory_server:6.3.1.2:*:*:*:*:*:*:*
ibmsecurity_directory_server6.3.1.3cpe:2.3:a:ibm:security_directory_server:6.3.1.3:*:*:*:*:*:*:*
ibmsecurity_directory_server6.3.1.4cpe:2.3:a:ibm:security_directory_server:6.3.1.4:*:*:*:*:*:*:*
ibmsecurity_directory_server6.3.1.5cpe:2.3:a:ibm:security_directory_server:6.3.1.5:*:*:*:*:*:*:*
ibmsecurity_directory_server6.3.1.6cpe:2.3:a:ibm:security_directory_server:6.3.1.6:*:*:*:*:*:*:*
ibmtivoli_directory_server6.1.0cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*
ibmtivoli_directory_server6.1.0.0cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.0:*:*:*:*:*:*:*
ibmtivoli_directory_server6.1.0.1cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	security_directory_server	6.3.1	cpe:2.3:a:ibm:security_directory_server:6.3.1:::::::*
ibm	security_directory_server	6.3.1.1	cpe:2.3:a:ibm:security_directory_server:6.3.1.1:::::::*
ibm	security_directory_server	6.3.1.2	cpe:2.3:a:ibm:security_directory_server:6.3.1.2:::::::*
ibm	security_directory_server	6.3.1.3	cpe:2.3:a:ibm:security_directory_server:6.3.1.3:::::::*
ibm	security_directory_server	6.3.1.4	cpe:2.3:a:ibm:security_directory_server:6.3.1.4:::::::*
ibm	security_directory_server	6.3.1.5	cpe:2.3:a:ibm:security_directory_server:6.3.1.5:::::::*
ibm	security_directory_server	6.3.1.6	cpe:2.3:a:ibm:security_directory_server:6.3.1.6:::::::*
ibm	tivoli_directory_server	6.1.0	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:::::::*
ibm	tivoli_directory_server	6.1.0.0	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.0:::::::*
ibm	tivoli_directory_server	6.1.0.1	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.1:::::::*

Rows per page:

1-10 of 821

References

secunia.com/advisories/61061

www-01.ibm.com/support/docview.wss?uid=swg21686581

exchange.xforce.ibmcloud.com/vulnerabilities/96005

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

36.6%

JSON

Related for CVE-2014-6100