PT-2012-2395 · IBM · IBM Tivoli Provisioning Manager Express for Software Distribution

Author: Andrea Micalizzi (+1)

Published: 2012-03-06 · Updated: 2017-08-29

CVE-2012-0199

CVSS v2.0: 7.5 (High), Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: IBM Tivoli Provisioning Manager Express for Software Distribution version 4.1.1

Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved through various means, including:
  • a SOAP message to the Printer.getPrinterAgentKey function in the "SoapServlet" servlet,
  • the User.updateUserValue function in the "register.do" servlet,
  • the User.isExistingUser function in the "logon.do" servlet,
  • the Asset.getHWKey function in the "CallHomeExec" servlet,
  • the Asset.getMimeType function in the "getAttachment" (also known as "GetAttachmentServlet") servlet,
  • the "addAsset.do" servlet,
  • or a crafted EG2 file.
Recommendations: For IBM Tivoli Provisioning Manager Express for Software Distribution version 4.1.1, consider temporarily disabling the affected functions (Printer.getPrinterAgentKey, User.updateUserValue, User.isExistingUser, Asset.getHWKey and Asset.getMimeType) until a patch is available. Restrict access to the vulnerable servlets ("SoapServlet", "register.do", "logon.do", "CallHomeExec", "getAttachment" and "addAsset.do") to minimize the risk of exploitation. Do not process EG2 files from untrusted sources until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

SQL injection

Related Identifiers

CVE-2012-0199

Affected Products

IBM Tivoli Provisioning Manager Express for Software Distribution