PT-2011-3390 · IBM · IBM Tivoli Directory Server
Published 2011-04-21 · Updated 2017-08-17 · CVE-2011-1820
CVSS v2.0: 1.7 (Low)
Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Tivoli Directory Server versions 5.2 through 5.2.0.5-TIV-ITDS-IF0010
IBM Tivoli Directory Server versions 6.0 through 6.0.0.67
IBM Tivoli Directory Server versions 6.1 through 6.1.0.40
IBM Tivoli Directory Server versions 6.2 through 6.2.0.16
IBM Tivoli Directory Server versions 6.3 through 6.3.0.3
Description
The issue is related to the improper handling of the ibm-auditAttributesOnGroupEvalOp setting for auditing of extended operations. This might allow attackers to obtain sensitive information by reading the audit log.
Recommendations
For version 5.2, update to 5.2.0.5-TIV-ITDS-IF0010 or later.
For version 6.0, update to 6.0.0.67 or later.
For version 6.1, update to 6.1.0.40 or later.
For version 6.2, update to 6.2.0.16 or later.
For version 6.3, update to 6.3.0.3 or later.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
IBM Tivoli Directory Server