CVE-2011-2759

EUVD-2011-2734
The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
ibmtivoli_directory_server
6.2
ibmtivoli_directory_server
6.2.0.0
ibmtivoli_directory_server
6.2.0.1
ibmtivoli_directory_server
6.2.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?crawler=1&uid=swg1IO14165
http://www.ibm.com/support/docview.wss?uid=swg1IO14165
http://www.ibm.com/support/docview.wss?uid=swg24030320
https://exchange.xforce.ibmcloud.com/vulnerabilities/68585
http://www.ibm.com/support/docview.wss?crawler=1&uid=swg1IO14165
http://www.ibm.com/support/docview.wss?uid=swg1IO14165
http://www.ibm.com/support/docview.wss?uid=swg24030320
https://exchange.xforce.ibmcloud.com/vulnerabilities/68585