Vulnerability CVE-2012-0740 - CERT Civis.Net

Vulnerability Name:

CVE-2012-0740 (CCN-74610)

Assigned:

2012-03-30

Published:

2012-03-30

Updated:

2017-12-19

Summary:

Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2012-0740

Source: CCN
Type: SA48694
IBM Tivoli Directory Server Web Admin Tool Cross-Site Scripting Vulnerability

Source: CCN
Type: SA48907
IBM Tivoli Directory Server Web Admin Tool Cross-Site Scripting Vulnerability

Source: CCN
Type: IBM Security Bulletin 1591257
Security Bulletin: IBM Tivoli Directory Server Cross-Site scripting vulnerability with the Web Admin Tool (CVE-2012-0740)

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg24032290

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg24032291

Source: CCN
Type: IBM Support and Downloads
Tivoli Directory Server, Version 6.1.0.48-ISS-ITDS-IF0048

Source: AIXAPAR
Type: UNKNOWN
IO14508

Source: AIXAPAR
Type: UNKNOWN
IO16016

Source: CCN
Type: OSVDB ID: 80871
IBM Tivoli Directory Server Web Admin Tool Unspecified XSS

Source: CCN
Type: OSVDB ID: 81458
IBM Tivoli Directory Server Web Admin Tool Unspecified XSS

Source: CCN
Type: BID-52844
IBM Tivoli Directory Server Web Admin Tool Cross Site Scripting Vulnerability

Source: SECTRACK
Type: UNKNOWN
1026880

Source: XF
Type: UNKNOWN
tds-wat-xss(74610)

Source: XF
Type: UNKNOWN
tds-wat-xss(74610)

Vulnerable Configuration:

Configuration 1:

cpe:/a:ibm:tivoli_directory_server:6.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_directory_server:6.2.0.19:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_directory_server:6.2.0.20:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_directory_server:6.2.0.21:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_directory_server:6.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_directory_server:6.3.0.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_directory_server:6.3.0.9:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_directory_server:6.3.0.10:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_directory_server:6.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_directory_server:6.3.1:*:*:*:*:*:*:*

Denotes that component is vulnerable