CVE-2015-1976

MEDIUM

IBM Security Directory Server < 6.3.1.15 - Improper Access Control

Title source: rule

Description

IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash.

References (2)

[Patch, Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg21980585

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/90526

Scores

CVSS v3 5.5

EPSS 0.0004

EPSS Percentile 10.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-284

Status published

Affected Products (8)

ibm/security_directory_server < 6.3.1.15

ibm/tivoli_directory_server < 6.0.0.77

IBM Corporation/Directory Server < 6.1

IBM Corporation/Directory Server < 6.2

IBM Corporation/Directory Server < 6.3

IBM Corporation/Directory Server < 6.3.1

IBM Corporation/Directory Server < 6.0

IBM Corporation/Directory Server < 6.4

Timeline

Published Feb 08, 2017

Tracked Since Feb 18, 2026