There is a potential security exposure in Tivoli Directory Server (TDS) that could affect WebSphere Commerce users.
A malicious LDAP request might cause a buffer overrun in the server, potentially allowing a remote attacker to execute arbitrary code within Tivoli Directory Server's server process. Authentication is
not required to exploit this vulnerability. The vulnerability could affect WebSphere Commerce V6.0 or V7.0 environments using TDS V5.x and V6.x for LDAP.
Resolving the problem
WebSphere Commerce environments using Tivoli Directory Server V5.x or V6.x for LDAP might be vulnerable.
The following versions are at risk:
WebSphere Commerce V6.0 which supports the use of TDS V5.1, V5.2, V6.0, and V6.1.
WebSphere Commerce V7.0 which supports the use of TDS V6.0, V6.1, and V6.2.
For full details on the problem and the available solutions, see the following Tivoli Directory Server document: