CVE-2015-1959

IBM Tivoli Directory Server 6.0-6.4 - Improper Access Control via Encrypted File Handling

Title source: llm
STIX 2.1

Description

IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted files, which allows local users to obtain sensitive information or possibly have unspecified other impact via a (1) download or (2) upload action.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032734
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21960659
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75442

Scores

EPSS 0.0035
EPSS Percentile 27.4%

Details

CWE
CWE-284
Status published
Products (6)
ibm/tivoli_directory_server 6.0
ibm/tivoli_directory_server 6.1.0
ibm/tivoli_directory_server 6.2.0.0
ibm/tivoli_directory_server 6.3.0.0
ibm/tivoli_directory_server 6.3.1.0
ibm/tivoli_directory_server 6.4.0
Published Jun 28, 2015
Tracked Since Feb 18, 2026