IBM Support

Tivoli Directory Server as bundled with WebSphere Business Events contains security exposures

Flash (Alert)


Three security exposures have been found in Tivoli Directory Server (TDS) 6.2, which is bundled with WebSphere Business Events (WBE) version 7.x in certain downloaded combined e-assemblies.

1) Java parseDouble vulnerability (CVE-2010-4476)
2) ZDI-CAN-1022: IBM Tivoli Directory Server ibmslapd.exe Remote Code Execution Vulnerability
3) Server audit log may display userpassword in clear text


The fix for this vulnerability will be contained in the maintenance package for TDS v6.2.

Related information

CVE-2011-1206 TDS Remote Code Execution Vulnerability

Document information

More support for: WebSphere Business Events

Software version: 7.0, 7.0.1

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows, z/OS

Software edition: All Editions

Reference #: 1474188

Modified date: 27 April 2011
