{"vuid":"VU#194753","idnumber":"194753","name":"IBM Tivoli Directory Server may allow unauthorized access","keywords":["IBM","tivoli","directory server","unauthorized access"],"overview":"IBM Tivoli Directory Server may allow unauthorized access to change, modify, and/or delete directory data under certain circumstances.","clean_desc":"The IBM Tivoli Directory Server product is described as: IBM Tivoli Directory Server provides a powerful Lightweight Directory Access Protocol (LDAP) identity infrastructure that is the foundation for deploying comprehensive identity management applications and advanced software architectures like Web services. The Tivoli Directory Server may allow unauthorized access enabling attackers to manipulate directory data that they should not be able to access or change. Additional details about the underlying cause of the vulnerability are not available.","impact":"An attacker may be able to access, delete, modify, or change directory data.","resolution":"Apply an update\nPlease reference the IBM Security Vulnerability note on this issue for information on updates, fixes, and workarounds.","workarounds":"Use SSL communication and authentication Enabling SSL-only communication and SSL Client-Server authentication is believed to mitigate the flaw being exposed, although all customers are urged to apply the updates.","sysaffected":"","thanks":"Thanks to IBM for reporting this vulnerability.","author":"This document was written by Ken MacInnis.","public":["http://www-1.ibm.com/support/docview.wss?uid=swg21221665","http://secunia.com/advisories/17484/"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-11-01T14:57:08Z","publicdate":"2005-11-09T00:00:00Z","datefirstpublished":"2005-11-17T19:39:25Z","dateupdated":"2005-12-08T15:33:16Z","revision":10,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"15","cam_impact":"17","cam_easeofexploitation":"10","cam_attackeraccessrequired":"15","cam_scorecurrent":"17.9296875","cam_scorecurrentwidelyknown":"21.515625","cam_scorecurrentwidelyknownexploited":"35.859375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":17.9296875,"vulnote":null}