PT-2000-2018 · IBM · Tivoli Lightweight Client Framework
Published: 2000-12-31 · Updated: 2017-07-20 · CVE-2000-1239
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
IBM Tivoli Management Framework version 3.7.1
Description
The issue concerns the HTTP interface of the Tivoli Lightweight Client Framework in IBM Tivoli Management Framework. Because the http disable setting is set to zero during installation, remote authenticated users can bypass file permissions on Tivoli Endpoint Configuration data files through an unspecified manipulation of log files.
Recommendations
For IBM Tivoli Management Framework version 3.7.1, consider restricting access to the log files to prevent manipulation and ensure that file permissions on Tivoli Endpoint Configuration data files are properly set to minimize the risk of exploitation.
Fix
Related identifiers
Affected products
IBM Tivoli Management Framework
Tivoli Endpoint Configuration
Tivoli Lightweight Client Framework