cnvd-2015-04105
Vulnerability from cnvd
Title: IBM Tivoli Security Directory Server Security Bypass Vulnerability
Description:
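IBM Tivoli Security Directory Server (now called IBM Security Directory Server, ISDS) is enterprise identity management software from the US company IBM that uses the Lightweight Directory Access Protocol (LDAP). The software provides a trusted identity data infrastructure for authentication.
A security vulnerability exists in the Web administration tool of IBM Tivoli Security Directory Server. A remote attacker can exploit this vulnerability to bypass intended command restrictions.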
Severity: Medium
Patch Name: Patch for the IBM Tivoli Security Directory Server security bypass vulnerability
Patch Description:
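IBM Tivoli Security Directory Server (now called IBM Security Directory Server, ISDS) is enterprise identity management software from the US company IBM that uses the Lightweight Directory Access Protocol (LDAP). The software provides a trusted identity data infrastructure for authentication. A security vulnerability exists in the Web administration tool of IBM Tivoli Security Directory Server. A remote attacker can exploit this vulnerability to bypass intended command restrictions. The vendor has now released a security advisory and related patch information that fix this vulnerability.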
Formal description:
The vendor has released an upgrade patch to fix this security issue. Patch download link: http://www-01.ibm.com/support/docview.wss?uid=swg21960659
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21960659
Name |
---|
IBM Tivoli Security Directory Server 6.0(<iFix 75) |
IBM Tivoli Security Directory Server 6.1(<iFix 68) |
IBM Tivoli Security Directory Server 6.2(<iFix 44) |
IBM Tivoli Security Directory Server 6.3(<iFix 37) |
IBM Tivoli Security Directory Server 6.3.1(<iFix 110 |
IBM Tivoli Security Directory Server 6.4(<iFix 2) |
{ "bids": { "bid": { "bidNumber": "75438" } }, "cves": { "cve": { "cveNumber": "CVE-2015-1974" } }, "description": "IBM Tivoli Security Directory Server\uff08\u73b0\u79f0IBM Security Directory Server\uff0cISDS\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u4f7f\u7528\u4e86\u8f7b\u91cf\u7ea7\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae\uff08LDAP\uff09\u7684\u4f01\u4e1a\u8eab\u4efd\u7ba1\u7406\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9b\u4e00\u4e2a\u53ef\u4fe1\u7684\u8eab\u4efd\u6570\u636e\u57fa\u7840\u67b6\u6784\uff0c\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u3002\r\n\r\nIBM Tivoli Security Directory Server\u7684Web\u7ba1\u7406\u5de5\u5177\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u65e2\u5b9a\u7684\u547d\u4ee4\u9650\u5236\u3002", "discovererName": "IBM", "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21960659", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2015-04105", "openTime": "2015-06-30", "patchDescription": "IBM Tivoli Security Directory Server\uff08\u73b0\u79f0IBM Security Directory Server\uff0cISDS\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u4f7f\u7528\u4e86\u8f7b\u91cf\u7ea7\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae\uff08LDAP\uff09\u7684\u4f01\u4e1a\u8eab\u4efd\u7ba1\u7406\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9b\u4e00\u4e2a\u53ef\u4fe1\u7684\u8eab\u4efd\u6570\u636e\u57fa\u7840\u67b6\u6784\uff0c\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u3002IBM Tivoli Security Directory 
Server\u7684Web\u7ba1\u7406\u5de5\u5177\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u65e2\u5b9a\u7684\u547d\u4ee4\u9650\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "IBM Tivoli Security Directory Server\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01", "products": { "product": [ "IBM Tivoli Security Directory Server 6.0(\u003ciFix 75)", "IBM Tivoli Security Directory Server 6.1(\u003ciFix 68)", "IBM Tivoli Security Directory Server 6.2(\u003ciFix 44)", "IBM Tivoli Security Directory Server 6.3(\u003ciFix 37)", "IBM Tivoli Security Directory Server 6.3.1(\u003ciFix 110", "IBM Tivoli Security Directory Server 6.4(\u003ciFix 2)" ] }, "referenceLink": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659", "serverity": "\u4e2d", "submitTime": "2015-06-29", "title": "IBM Tivoli Security Directory Server\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e" }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.