Lucene search

MitreCVE-2000-1239

HistoryMar 15, 2006 - 5:00 p.m.

CVE-2000-1239

2006-03-1517:00:00

mitre

web.nvd.nist.gov

cve-2000-1239

tivoli lcf

ibm tivoli

file permissions

user bypass

authenticated users.

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.003

Percentile

70.5%

JSON

The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, which allows remote authenticated users to bypass file permissions on Tivoli Endpoint Configuration data files via an unspecified manipulation of log files.

Affected configurations

Nvd

Node

ibmtivoli_management_frameworkMatch3.7.1

VendorProductVersionCPE
ibmtivoli_management_framework3.7.1cpe:2.3:a:ibm:tivoli_management_framework:3.7.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	tivoli_management_framework	3.7.1	cpe:2.3:a:ibm:tivoli_management_framework:3.7.1:::::::*

References

www-1.ibm.com/support/docview.wss?uid=swg21082896

www.securityfocus.com/bid/17085

exchange.xforce.ibmcloud.com/vulnerabilities/3927

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.003

Percentile

70.5%

JSON

Related for CVE-2000-1239