Lucene search

IbmCVE-2015-1978

HistoryJun 28, 2015 - 3:59 p.m.

CVE-2015-1978

2015-06-2815:59:02

CWE-79

ibm

web.nvd.nist.gov

cve-2015-1978

cross-site scripting

xss

ibm tivoli security directory server

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

41.4%

JSON

Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

ibmtivoli_directory_serverMatch6.0

ibmtivoli_directory_serverMatch6.1.0

ibmtivoli_directory_serverMatch6.2.0.0

ibmtivoli_directory_serverMatch6.3.0.0

ibmtivoli_directory_serverMatch6.3.1.0

ibmtivoli_directory_serverMatch6.4.0

VendorProductVersionCPE
ibmtivoli_directory_server6.0cpe:2.3:a:ibm:tivoli_directory_server:6.0:*:*:*:*:*:*:*
ibmtivoli_directory_server6.1.0cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*
ibmtivoli_directory_server6.2.0.0cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:*:*:*:*:*:*:*
ibmtivoli_directory_server6.3.0.0cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*
ibmtivoli_directory_server6.3.1.0cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.0:*:*:*:*:*:*:*
ibmtivoli_directory_server6.4.0cpe:2.3:a:ibm:tivoli_directory_server:6.4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	tivoli_directory_server	6.0	cpe:2.3:a:ibm:tivoli_directory_server:6.0:::::::*
ibm	tivoli_directory_server	6.1.0	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:::::::*
ibm	tivoli_directory_server	6.2.0.0	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:::::::*
ibm	tivoli_directory_server	6.3.0.0	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:::::::*
ibm	tivoli_directory_server	6.3.1.0	cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.0:::::::*
ibm	tivoli_directory_server	6.4.0	cpe:2.3:a:ibm:tivoli_directory_server:6.4.0:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21960659

www.securityfocus.com/bid/75435

www.securitytracker.com/id/1032734

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

41.4%

JSON

Related for CVE-2015-1978