The host is running IBM Tivoli Directory Server and is prone to multiple vulnerabilities.

Successful exploitation will allow attackers to obtain sensitive information that may aid in further attacks. Impact Level: Application

Apply cumulative interim fix 6.2.0.3-TIV-ITDS-IF0004, https://www-304.ibm.com/support/docview.wss?uid=swg24030320 ***** NOTE : Ignore this warning, if above mentioned patch is already applied. *****

- IDSWebApp in the Web Administration Tool not restricting access to LDAP Server log files, which allows remote attackers to obtain sensitive information via a crafted URL. - The login page of IDSWebApp in the Web Administration Tool does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004

• http://osvdb.org/show/osvdb/73546
• http://secunia.com/advisories/45107

---

Updated on 2017-03-28