Tivoli Directory Server as bundled with WebSphere Business Events contains security exposures
This is to bring to your attention that there are 3 Security exposures that have been found in Tivoli Directory Server (TDS) 6.2 which is bundled with Websphere Business Events (WBE) version 7.x in certain combined e-assemblies downloaded.
1) Java parseDouble vulnerability (CVE-2010-4476)
2) ZDI-CAN-1022: IBM Tivoli Directory Server ibmslapd.exe Remote Code Execution Vulnerability
3) Server audit log may display userpassword in clear text
The fix for this vulnerability will be contained in the 18.104.22.168-TIV-ITDS-IF0002 maintenance package for TDS v6.2.
More support for:
WebSphere Business Events
Software version: 7.0, 7.0.1, 22.214.171.124
Operating system(s): AIX, HP-UX, Linux, Solaris, Windows, z/OS
Software edition: All Editions
Reference #: 1474188
Modified date: 27 April 2011