PT-2000-2018 · IBM · Tivoli Lightweight Client Framework +2

Published: 2000-12-31 · Updated: 2017-07-20 · CVE-2000-1239

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

IBM Tivoli Management Framework version 3.7.1

Description

The issue concerns the HTTP interface of the Tivoli Lightweight Client Framework in IBM Tivoli Management Framework. It allows remote authenticated users to bypass file permissions on Tivoli Endpoint Configuration data files. This is achieved through an unspecified manipulation of log files, as the http disable setting is set to zero during installation.

Recommendations

For IBM Tivoli Management Framework version 3.7.1, consider restricting access to the log files to prevent manipulation and ensure that file permissions on Tivoli Endpoint Configuration data files are properly set to minimize the risk of exploitation.


Related Identifiers

CVE-2000-1239

Affected Products

IBM Tivoli Management Framework
Tivoli Endpoint Configuration
Tivoli Lightweight Client Framework