CVE-2014-6100

Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21686581	Vendor Advisory
http://secunia.com/advisories/61061
https://exchange.xforce.ibmcloud.com/vulnerabilities/96005

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.1:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.10:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.18:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.19:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.25:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.26:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.27:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.33:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.34:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.45:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.46:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.5:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.13:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.36:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.32:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.20:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.35:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.5:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.14:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.11:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.48:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.19:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.2:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.2:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.4:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.47:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.4:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.12:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.15:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.28:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.29:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.3:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.7:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.6:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.8:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.8:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.8:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.9:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.21:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.23:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.2:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.12:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.22:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.32:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.3:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.10:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.38:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.11:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.9:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.17:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.6:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.14:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.0:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.63:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.39:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.10:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.13:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.24:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.3:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.6:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.5:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.1:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.30:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.21:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.38:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.2:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.2:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.4:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.37:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.20:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.15:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.1:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.7:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.31:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:::::::*
cpe:2.3:a:ibm:security_directory_server:6.3.1:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.22:::::::*
cpe:2.3:a:ibm:security_directory_server:6.3.1.1:::::::*

Information

Published : 2014-10-18 18:55

Updated : 2017-09-07 18:29

NVD link : CVE-2014-6100

Mitre link : CVE-2014-6100

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

ibm

tivoli_directory_server
security_directory_server

3.5 /10