VIR Vulnerability Intelligence Relay

CVE-2012-0726

medium
Published 2012-04-22 · Modified 2026-04-29
CVSS v3
CVSS v2
6.4
VIR risk
6.4

Description

The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact
VendorProductVersionsFixed
ibm ibmtivoli_directory_server{"endIncluding":"6.3.0"}
ibm ibmtivoli_directory_server3.2.2
ibm ibmtivoli_directory_server4.1
ibm ibmtivoli_directory_server5.2.0
ibm ibmtivoli_directory_server6.0
ibm ibmtivoli_directory_server6.0.0
ibm ibmtivoli_directory_server6.0.0.7
ibm ibmtivoli_directory_server6.0.0.8
ibm ibmtivoli_directory_server6.0.0.69
ibm ibmtivoli_directory_server6.1.0
ibm ibmtivoli_directory_server6.1.0.45
ibm ibmtivoli_directory_server6.1.0.46
ibm ibmtivoli_directory_server6.1.0.47
ibm ibmtivoli_directory_server6.1.0.48
ibm ibmtivoli_directory_server6.2.0
ibm ibmtivoli_directory_server6.2.0.19
ibm ibmtivoli_directory_server6.2.0.20
ibm ibmtivoli_directory_server6.2.0.21
ibm ibmtivoli_directory_server6.2.0.22

References

CWEs

CWE-310

Verify integrity in audit chain (admin only). AS-IS.