Auth bypass in Ibm Tivoli_directory_server

CVE-2011-2758

IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remote attackers to obtain sensitive informa…

Vulnerability class: Broken Authentication

EPSS: 0.003 (57.2th percentile) — read the EPSS interpretation.

Affected products

Ibm Tivoli_directory_server — versions 6.2, 6.2.0.0, 6.2.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

45107 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM)
IO14060 (vendor-advisory, x_refsource_AIXAPAR)
48512 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM)