CVE-2015-1977
high-risk
Published 2016-07-15
Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
Do I need to act?
-
0.18% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Tivoli Directory Server
Tivoli Directory Server
Tivoli Directory Server
Tivoli Directory Server
Tivoli Directory Server
Tivoli Directory Server
Tivoli Directory Server
Tivoli Directory Server
Tivoli Directory Server
Tivoli Directory Server
Tivoli Directory Server
Tivoli Directory Server
Tivoli Directory Server
Tivoli Directory Server
Tivoli Directory Server
Tivoli Directory Server
Tivoli Directory Server
Tivoli Directory Server
Tivoli Directory Server
Tivoli Directory Server
Affected Vendors
References (2)
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21986452
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21986452
60
/ 100
high-risk
Severity
26/34 · High
Exploitability
1/34 · Minimal
Exposure
33/34 · Critical