IBM Tivoli Directory Server Web Admin tool 6.1.0.x < 6.1.0.48 / 6.2.0.x < 6.2.0.22 / 6.3.0.x < 6.3.0.11 Cross-Site Scripting Vulnerability

Medium

Synopsis

The remote server is prone to a cross-site scripting vulnerability.

Description

The remote host is running the IBM Tivoli Directory Server Web Admin tool.

Versions earlier than 6.1.0.48 (Web Admin Version 4.0027), 6.2.0.22 (Web Admin Version 5.0015), or 6.3.0.11 (Web Admin Version 6.0006) are vulnerable to a cross-site scripting attack. The application fails to sanitize user-supplied input submitted to the Web Admin Tool. Attackers can exploit this issue to execute arbitrary script in the context of the browser.

Solution

Upgrade to Tivoli Directory Server 6.1.0.48 (Web Admin Version 4.0027), 6.2.0.22 (Web Admin Version 5.0015), 6.3.0.11 (Web Admin Version 6.0006) or later.