SecurityTracker.com
Category:   Application (Generic)  >   IBM Tivoli Provisioning Manager
Vendors:   IBM
IBM Tivoli Provisioning Manager LDAP Access Control Bug Lets Remote Users Execute SOAP Commands
SecurityTracker Alert ID:  1021394
SecurityTracker URL:  http://securitytracker.com/id/1021394
CVE Reference:   CVE-2008-5686
Updated:  Dec 23 2008
Original Entry Date:  Dec 15 2008
Impact:   Disclosure of user information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.1, 5.1.0.2, 5.1.1, 5.1.1.1
Description:   A vulnerability was reported in IBM Tivoli Provisioning Manager. A remote authenticated user can execute arbitrary SOAP commands on the target system.

A remote authenticated LDAP user within the domain or suffix of the Tivoli Provisioning Manager (TPM), Tivoli Provisioning Manager for Software (TPMfSW), or Tivoli Intelligent Orchestrator (TIO) can execute SOAP commands, even if the user is not created in the TPM user records.

Systems using LDAP authentication and sharing the LDAP service with other applications are affected.

Systems using the LDAP service only for Tivoli Provisioning Manager authentication are not affected.
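
The access-control gap described above, as an added example (a simplified model written for this page, not IBM's code): a SOAP front end that accepts any successful LDAP bind inside its suffix, beside a check that also requires a TPM user record, plus an audit that lists the directory accounts falling between the two. All function names, the sample suffix and accounts, and the assumption that TPM user records are keyed by the LDAP uid are hypothetical.

```python
# Simplified model (not IBM code): on a shared directory, "LDAP bind succeeded"
# must not be the whole authorization decision for a SOAP endpoint.

def parse_dn(dn):
    """Split a DN into normalized (attr, value) RDNs. No escaped-comma support."""
    return [tuple(p.strip().lower() for p in rdn.split("=", 1))
            for rdn in dn.split(",") if rdn.strip()]

def under_suffix(dn, suffix):
    """Component-wise match, so dc=notexample,dc=com is not under dc=example,dc=com."""
    d, s = parse_dn(dn), parse_dn(suffix)
    return bool(s) and len(d) > len(s) and d[-len(s):] == s

def authz_flawed(bind_ok, dn, suffix, tpm_users):
    # Behaviour the advisory describes: any authenticated LDAP user in the suffix passes.
    return bind_ok and under_suffix(dn, suffix)

def authz_fixed(bind_ok, dn, suffix, tpm_users):
    # Additionally require a TPM user record (assumed here to be keyed by uid).
    uid = dict(parse_dn(dn)).get("uid")
    return bind_ok and under_suffix(dn, suffix) and uid in tpm_users

def exposed_accounts(directory, suffix, tpm_users):
    """Audit: entries that pass the flawed check but have no TPM user record."""
    return sorted(dn for dn in directory
                  if authz_flawed(True, dn, suffix, tpm_users)
                  and not authz_fixed(True, dn, suffix, tpm_users))

# Constructed sample data: one LDAP service shared by TPM and another application.
SUFFIX = "dc=example,dc=com"
TPM_USERS = {"tpmadmin", "operator1"}
DIRECTORY = [
    "uid=tpmadmin,ou=people,dc=example,dc=com",
    "uid=operator1,ou=people,DC=Example,DC=com",
    "uid=hr-clerk,ou=hr,dc=example,dc=com",       # other application's user
    "uid=mailsvc,ou=services,dc=example,dc=com",  # other application's user
    "uid=guest,dc=notexample,dc=com",             # outside the suffix
]

if __name__ == "__main__":
    for dn in exposed_accounts(DIRECTORY, SUFFIX, TPM_USERS):
        print("passes LDAP check without a TPM record:", dn)
```

When the directory serves only TPM, every entry has a TPM record and the audit returns an empty list, which matches the unaffected case noted above.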

Impact:   A remote authenticated user can execute arbitrary SOAP commands on the target system.
Solution:   The vendor has issued a fix (Interim Fix IF0006 for 5.1.1.1).

The vendor's advisory is available at:

http://www-01.ibm.com/support/docview.wss?uid=swg21330228

Vendor URL:  www-01.ibm.com/support/docview.wss?uid=swg21330228
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (Solaris - SunOS), Windows (2003)

Message History:   None.



Copyright 2020, SecurityGlobal.net LLC