Lucene search

[email protected]NVD:CVE-2000-1239

HistoryDec 31, 2000 - 5:00 a.m.

CVE-2000-1239

2000-12-3105:00:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.1

Confidence

Low

EPSS

0.003

Percentile

70.5%

JSON

The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, which allows remote authenticated users to bypass file permissions on Tivoli Endpoint Configuration data files via an unspecified manipulation of log files.

Affected configurations

Nvd

Node

ibmtivoli_management_frameworkMatch3.7.1

VendorProductVersionCPE
ibmtivoli_management_framework3.7.1cpe:2.3:a:ibm:tivoli_management_framework:3.7.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	tivoli_management_framework	3.7.1	cpe:2.3:a:ibm:tivoli_management_framework:3.7.1:::::::*

References

www-1.ibm.com/support/docview.wss?uid=swg21082896

www.securityfocus.com/bid/17085

exchange.xforce.ibmcloud.com/vulnerabilities/3927

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.1

Confidence

Low

EPSS

0.003

Percentile

70.5%

JSON

Related for NVD:CVE-2000-1239

cvelist1 cve1