IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 prior to 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remote malicious users to obtain sensitive information via a crafted URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm tivoli directory server 6.2 |
||
ibm tivoli directory server 6.2.0.0 |
||
ibm tivoli directory server 6.2.0.1 |
||
ibm tivoli directory server 6.2.0.2 |