IBM Tivoli Directory Server Web Admin tool 6.1.0.x < 6.1.0.48 / 6.2.0.x < 6.2.0.22 / 6.3.0.x < 6.3.0.11 Cross-Site Scripting Vulnerability

Medium Nessus Network Monitor Plugin ID 6478

Synopsis

The remote server is prone to a cross-site scripting vulnerability.

Description

The remote host is running the IBM Tivoli Directory Server Web Admin tool.

Versions 6.1.0.x earlier than 6.1.0.48 (Web Admin Version 4.0027), 6.2.0.x earlier than 6.2.0.22 (Web Admin Version 5.0015), and 6.3.0.x earlier than 6.3.0.11 (Web Admin Version 6.0006) are vulnerable to a cross-site scripting attack. The application fails to sanitize user-supplied input submitted to the Web Admin Tool before returning it in its pages. An attacker can exploit this issue to execute arbitrary script code in the browser of a user who views the crafted content, in the security context of the affected site.

Solution

Upgrade to Tivoli Directory Server 6.1.0.48 (Web Admin Version 4.0027), 6.2.0.22 (Web Admin Version 5.0015), or 6.3.0.11 (Web Admin Version 6.0006), or later within the respective branch.
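The affected and fixed ranges from the Description and Solution, expressed as a version check. This is an added example, not the NNM plugin's own code: the fixed product versions and the Web Admin tool versions paired with them are the ones the advisory names, while the parsing, the per-branch lookup, and the `None` result for branches the plugin does not cover are assumptions about how such a check is structured.

```python
"""Per-branch version check for the TDS Web Admin tool XSS advisory.

Constructed example: the fixed versions come from the advisory text; the
parsing and comparison logic is illustrative, not Nessus/NNM plugin code.
"""
from typing import Dict, Optional, Tuple

# Fixed product release per affected branch (major, minor, fix) -> fixed version.
FIXED_PRODUCT: Dict[Tuple[int, int, int], Tuple[int, int, int, int]] = {
    (6, 1, 0): (6, 1, 0, 48),
    (6, 2, 0): (6, 2, 0, 22),
    (6, 3, 0): (6, 3, 0, 11),
}

# Fixed Web Admin tool version per Web Admin major, as paired in the advisory:
# 4.0027 ships with 6.1.0.48, 5.0015 with 6.2.0.22, 6.0006 with 6.3.0.11.
FIXED_WEBADMIN: Dict[int, Tuple[int, int]] = {
    4: (4, 27),
    5: (5, 15),
    6: (6, 6),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Split a dotted version such as '6.2.0.21' or '5.0014' into ints.

    Comparing as integer tuples avoids the classic string-comparison bug
    where '6.1.0.9' sorts after '6.1.0.48'.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {text!r}")
    return tuple(int(p) for p in parts)


def product_is_vulnerable(version: str) -> Optional[bool]:
    """Check a Tivoli Directory Server product version (e.g. '6.1.0.47').

    Returns True if the version is in an affected range, False if it is at or
    past the fixed release for its branch, and None if the branch is not one
    the advisory covers (no claim is made either way).
    """
    v = parse_version(version)
    if len(v) != 4:
        raise ValueError(f"expected major.minor.fix.build, got {version!r}")
    fixed = FIXED_PRODUCT.get(v[:3])
    if fixed is None:
        return None
    return v < fixed


def webadmin_is_vulnerable(version: str) -> Optional[bool]:
    """Same check against the Web Admin tool's own version (e.g. '5.0014')."""
    v = parse_version(version)
    if len(v) != 2:
        raise ValueError(f"expected major.build, got {version!r}")
    fixed = FIXED_WEBADMIN.get(v[0])
    if fixed is None:
        return None
    return v < fixed


if __name__ == "__main__":
    # Constructed sample inputs, one per branch plus an uncovered one.
    for sample in ("6.1.0.47", "6.2.0.22", "6.3.0.10", "6.0.0.5"):
        print(sample, "->", product_is_vulnerable(sample))
    for sample in ("4.0026", "5.0015", "6.0007", "3.0001"):
        print(sample, "->", webadmin_is_vulnerable(sample))
```

Both checks scope the comparison to the branch the version belongs to, so a 6.2.0.x build is never judged against the 6.3.0.11 fix and a branch the advisory does not mention is reported as unknown rather than silently "not vulnerable".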

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg24032290

http://www-01.ibm.com/support/docview.wss?uid=swg24032291

Plugin Details

Severity: Medium

ID: 6478

File Name: 6478.prm

Family: Web Servers

Published: 2012/05/04

Modified: 2016/01/21

Dependencies: 1442

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2012/04/02

Vulnerability Publication Date: 2012/03/30

Reference Information

CVE: CVE-2012-0740

BID: 52844