IBM Tivoli Directory Server Web Admin tool 6.1.0.x < / 6.2.0.x < / 6.3.0.x < Cross-Site Scripting Vulnerability

Medium Nessus Network Monitor Plugin ID 6478


The remote server is prone to a cross-site scripting vulnerability.


The remote host is running the IBM Tivoli Directory Server Web Admin tool.

Versions earlier than (Web Admin Version 4.0027), (Web Admin Version 5.0015) or versions earlier than (Web Admin Version 6.0006) are vulnerable to a cross-site scripting attack. The application fails to sanitize user-supplied input submitted to the Web Admin Tool. Attackers can exploit this issue to execute an arbitrary script in the context of the browser.


Upgrade to Tivoli Directory Server (Web Admin Version 4.0027), (Web Admin version 5.0015), (Web Admin version 6.0006) or later.

Plugin Details

Severity: Medium

ID: 6478

File Name: 6478.prm

Family: Web Servers

Published: 2012/05/04

Modified: 2016/01/21

Dependencies: 1442

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


CVSS v3

Base Score: 5.3

Temporal Score: 4.9


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2012/04/02

Vulnerability Publication Date: 2012/03/30

Reference Information

CVE: CVE-2012-0740

BID: 52844