Tivoli Directory Server as bundled with WebSphere Business Events contains security exposures

Flash (Alert)


Abstract

This is to bring to your attention that there are 3 Security exposures that have been found in Tivoli Directory Server (TDS) 6.2 which is bundled with Websphere Business Events (WBE) version 7.x in certain combined e-assemblies downloaded.

1) Java parseDouble vulnerability (CVE-2010-4476)
2) ZDI-CAN-1022: IBM Tivoli Directory Server ibmslapd.exe Remote Code Execution Vulnerability
3) Server audit log may display userpassword in clear text

Content

The fix for this vulnerability will be contained in the 6.2.0.3-TIV-ITDS-IF0002 maintenance package for TDS v6.2.

Related information

CVE-2011-1206 TDS Remote Code Execution Vulnerability

Rate this page:

(0 users)Average rating

Document information


More support for:

WebSphere Business Events
Usability

Software version:

7.0, 7.0.1, 7.0.1.1

Operating system(s):

AIX, HP-UX, Linux, Solaris, Windows, z/OS

Software edition:

All Editions

Reference #:

1474188

Modified date:

2011-04-27

Translate my page

Machine Translation

Content navigation