IBM Tivoli NetView for z/OS Privilege Escalation

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote host may be running software with a privilege escalation
vulnerability.

Description :

The remote host appears to have IBM Tivoli NetView installed that is
affected by a privilege escalation vulnerability. A Unix System
Services authenticated attacker may be able to gain the privileges of
the NetView application.

Note that Nessus has not tested for the issues, but instead has relied
only on the detected version number. Nessus is unable to determine if
the patches for this vulnerability are installed as it does not change
this detected version number.

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21621163
http://xforce.iss.net/xforce/xfdb/80643

Solution :

Updates are available from the vendor.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 70173 ()

Bugtraq ID: 57036

CVE ID: CVE-2012-5951