N/A

IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate.

N/A

N/A

IBM Global Security Kit 权限许可和访问控制漏洞

IBM Rational Directory Server（RDS）是美国IBM公司的一套用于用户认证和Rational方案（用于开发商业应用和构建软件产品及系统）管理的企业目录解决方案。该方案支持定义和管理用户信息，无需对相同的用户进行多次用户信息认证。 使用在IBM Rational Directory Server、IBM Tivoli Directory Server和其他产品中的IBM Global Security Kit （又名GSKit） 8.0.14.22之前版本中存在漏洞，该漏洞源于使

N/A

N/A