Vulnerability Details CVE-2011-2759
The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.4%
CVSS Severity
CVSS v2 Score 5.0
References
- http://www.ibm.com/support/docview.wss?crawler=1&uid=swg1IO14165
- http://www.ibm.com/support/docview.wss?uid=swg1IO14165
- http://www.ibm.com/support/docview.wss?uid=swg24030320
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68585
- http://www.ibm.com/support/docview.wss?crawler=1&uid=swg1IO14165
- http://www.ibm.com/support/docview.wss?uid=swg1IO14165
- http://www.ibm.com/support/docview.wss?uid=swg24030320
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68585
Products affected by CVE-2011-2759
-
cpe:2.3:a:ibm:tivoli_directory_server:6.2
-
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0
-
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.1
-
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.2