CVE-2008-7289

EPSS 0.36%
Veröffentlicht 21.04.2011 10:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 does not properly handle the simultaneous changing of multiple passwords, which makes it easier for remote authenticated users to cause a denial of service (DB2 daemon deadlock) by making password changes that trigger updates to a DB2 password-history table.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Tivoli Directory Server Version5.2.0

Ibm ≫ Tivoli Directory Server Version5.2.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.552

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.ibm.com/support/docview.wss?uid=swg24029663

Patch

http://www.ibm.com/support/docview.wss?uid=swg1IO09667

https://nvd.nist.gov/vuln/detail/CVE-2008-7289

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-7289

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-7289

EUVD