Description
Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21986452
Scores
CVSS v3
7.5
EPSS
0.0168
EPSS Percentile
74.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (50)
ibm/security_directory_server
6.4.0
ibm/security_directory_server
6.4.0.0
ibm/security_directory_server
6.4.0.1
ibm/security_directory_server
6.4.0.2
ibm/security_directory_server
6.4.0.3
ibm/security_directory_server
6.4.0.4
ibm/security_directory_server
6.4.0.5
ibm/security_directory_server
6.4.0.6
ibm/security_directory_server
6.4.0.7
ibm/security_directory_server
6.4.0.8
... and 40 more
Published
Jul 15, 2016
Tracked Since
Feb 18, 2026