IBM Tivoli Directory Server Web Admin tool 6.1.0.x < 6.1.0.48 / 6.2.0.x < 6.2.0.22 / 6.3.0.x < 6.3.0.11 Cross-Site Scripting Vulnerability

low Nessus Network Monitor Plugin ID 6478

Synopsis

The remote server is prone to a cross-site scripting vulnerability.

Description

The remote host is running the IBM Tivoli Directory Server Web Admin tool.

Versions 6.1.0.x earlier than 6.1.0.48 (Web Admin Version 4.0027), 6.2.0.x earlier than 6.2.0.22 (Web Admin Version 5.0015), and 6.3.0.x earlier than 6.3.0.11 (Web Admin Version 6.0006) are vulnerable to a cross-site scripting attack. The application fails to sanitize user-supplied input submitted to the Web Admin Tool. Attackers can exploit this issue to execute an arbitrary script in the context of the browser.

Solution

Upgrade to Tivoli Directory Server 6.1.0.48 (Web Admin Version 4.0027), 6.2.0.22 (Web Admin Version 5.0015), 6.3.0.11 (Web Admin Version 6.0006), or later.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg24032290

http://www-01.ibm.com/support/docview.wss?uid=swg24032291

Plugin Details

Severity: Low

ID: 6478

Family: Web Servers

Published: 5/4/2012

Updated: 3/6/2019

Nessus ID: 58816

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_directory_server

Patch Publication Date: 4/2/2012

Vulnerability Publication Date: 3/30/2012

Reference Information

CVE: CVE-2012-0740

BID: 52844