Detections
Analytics
IBM Tivoli Endpoint Manager Server < 8.2.1372 Multiple Vulnerabilities
medium Nessus Plugin ID 66270
Language:
Synopsis
The remote host is affected by multiple vulnerabilities.Description
The remote host is running a version of IBM Tivoli Endpoint Manager Server prior to 8.2.1372. It is, therefore, affected by multiple vulnerabilities :- Multiple SSL related denial of service vulnerabilities exist. (CVE-2012-2686, CVE-2013-0166)
- An SSL side-channel timing analysis attack allows full or partial plaintext recovery by a third-party listener.
(CVE-2013-0169)
- A cross-site request forgery vulnerability exists in the Use Analysis Application that can be exploited via a specially crafted AMF message. (CVE-2013-0452)
- An unspecified cross-site scripting vulnerability exists in IBM Tivoli Endpoint Manager Web Reports.
(CVE-2013-0453)
Solution
Upgrade to Tivoli Endpoint Manager Server 8.2.1372 or later.See Also
http://www.nessus.org/u?34a3ad9f
http://www.nessus.org/u?3c65c9ef
http://www.nessus.org/u?b2fcf16e
https://www-304.ibm.com/support/docview.wss?rs=1015&uid=swg21633352
https://www-304.ibm.com/support/docview.wss?rs=1015&uid=swg21633354
https://www-304.ibm.com/support/docview.wss?rs=1015&uid=swg21633351
Plugin Details
Severity: Medium
ID: 66270
File Name: ibm_tem_8_2_1372.nasl
Version: 1.17
Type: remote
Family: CGI abuses
Published: 4/30/2013
Updated: 12/5/2022
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2013-0452
Vulnerability Information
CPE: cpe:/a:ibm:tivoli_endpoint_manager
Required KB Items: www/BigFixHTTPServer
Exploit Ease: No known exploits are available
Patch Publication Date: 3/21/2013
Vulnerability Publication Date: 2/4/2013
Reference Information
CVE: CVE-2012-2686, CVE-2013-0166, CVE-2013-0169, CVE-2013-0452, CVE-2013-0453