CVE-2010-4788

medium

Published 2011-04-21 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

4.0

Description

IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) does not perform certain locking of linked-list access, which allows remote authenticated users to cause a denial of service (daemon crash) via a paged search.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact

Vendor	Product	Versions
ibm	tivoli_directory_server	`6.0`
ibm	tivoli_directory_server	`6.0.0.0`
ibm	tivoli_directory_server	`6.0.0.1`
ibm	tivoli_directory_server	`6.0.0.7`
ibm	tivoli_directory_server	`6.0.0.8`
ibm	tivoli_directory_server	`6.0.0.14`
ibm	tivoli_directory_server	`6.0.0.19`
ibm	tivoli_directory_server	`6.0.0.33`
ibm	tivoli_directory_server	`6.0.0.41`
ibm	tivoli_directory_server	`6.0.0.45`
ibm	tivoli_directory_server	`6.0.0.52`
ibm	tivoli_directory_server	`6.0.0.53`
ibm	tivoli_directory_server	`6.0.0.54`
ibm	tivoli_directory_server	`6.0.0.55`
ibm	tivoli_directory_server	`6.0.0.56`
ibm	tivoli_directory_server	`6.0.0.57`
ibm	tivoli_directory_server	`6.0.0.58`
ibm	tivoli_directory_server	`6.0.0.59`
ibm	tivoli_directory_server	`6.0.0.60`
ibm	tivoli_directory_server	`6.0.0.61`

References

CWEs

CWE-20

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.