CVE-2015-1975
HIGHIBM Tivoli Directory Server 6.0-6.3 - Privilege Escalation via Web Administration Tool Argument Injection
Title source: llmDescription
The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. IBM X-Force ID: 103694.
References (3)
Core 3
Core References
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/103694
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21960659
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103717
Scores
CVSS v3
7.8
EPSS
0.0049
EPSS Percentile
38.5%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
Status
published
Products (6)
ibm/tivoli_directory_server
6.0
ibm/tivoli_directory_server
6.1.0
ibm/tivoli_directory_server
6.2.0.0
ibm/tivoli_directory_server
6.3.0.0
ibm/tivoli_directory_server
6.3.1.0
ibm/tivoli_directory_server
6.4.0
Published
Apr 03, 2018
Tracked Since
Feb 18, 2026