IBM Tivoli Access Manager for e-Business WebSEAL Multiple Vulnerabilities

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

An access and authorization control management system installed on
the remote host is affected by multiple vulnerabilities.

Description :

According to its self-reported version, the install of the IBM Tivoli
Access Manager for e-Business WebSEAL component is affected by the
following vulnerabilities :

- An input validation error exists that could allow
directory traversal attacks having an unspecified
impact. (CVE-2010-4622, CVE-2011-0494)

- An error exists related to 'shift-reload' actions that
could allow an authenticated attacker to cause denial
of service conditions. Note that only the 6.1.1.x
branch is affected by this issue. (CVE-2010-4623)

Solution :

Apply the interim fix /
/ or later. Or apply the fixpack
6.1.1-TIV-AWS-FP0001 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 70139

Bugtraq ID: 45582

CVE ID: CVE-2010-4622