IBM Corporation Affected

Notified:  November 03, 2005 Updated: November 17, 2005

Status

Affected

Vendor Statement

INTRODUCTION A potential security vulnerability has been identified by IBM for the IBM Tivoli Directory Server (ITDS), version 5.2.0 and 6.0.0. LAST UPDATE This information has been updated as of November 7th, 2005 STATUS IBM has identified a vulnerability that would allow unauthorized access to change, modify and/or delete directory data stored in IBM Tivoli Directory Server. While it is not believed that this vulnerability exists when the IBM Tivoli Directory Server is set to use SSL only and SSL Client Server authentication, IBM strongly recommends that all customers update their installation with the correct fix. Customers are strongly recommended to apply the appropriate fix as soon as possible. Please refer to the following link for more information: http://www-1.ibm.com/support/docview.wss?uid=swg21221665 QUESTIONS For any questions, support can be obtained through the following means: ? Local call center - A list of country-specific phone numbers can be found at: http://techsupport.services.ibm.com/guides/contacts.html ? Create PMR through the online support page: http://www-306.ibm.com/software/support/probsub.html Please refer to http://www-3.ibm.com/software/sysmgmt/products/support/ for information regarding these options.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please reference the IBM Security Vulnerability note on this issue for information on updates, fixes, and workarounds.

IBM eServer Unknown

Notified:  November 17, 2005 Updated: November 17, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.