Exposure of Sensitive Information to an Unauthorized Actor
IBM Tivoli Directory Server (TDS) 5.2 before 18.104.22.168-TIV-ITDS-IF0010, 6.0 before 22.214.171.124 (aka 126.96.36.199-TIV-ITDS-IF0009), 6.1 before 188.8.131.52 (aka 184.108.40.206-TIV-ITDS-IF0003), 6.2 before 220.127.116.11 (aka 18.104.22.168-TIV-ITDS-IF0002), and 6.3 before 22.214.171.124 (aka 126.96.36.199-TIV-ITDS-IF0003) does not properly handle the ibm-auditAttributesOnGroupEvalOp setting for auditing of extended operations, which might allow attackers to obtain sensitive information by reading the audit log.
CWE-200 - Information Exposure
An information exposure vulnerability is categorized as an information flow (IF) weakness, which can potentially allow unauthorized access to otherwise classified information in the application, such as confidential personal information (demographics, financials, health records, etc.), business secrets, and the application's internal environment.