IBM Tivoli Endpoint Manager Server 9.0.777 (patch 2) LDAP and AD Authentication

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The remote host is affected by an authentication-related

Description :

According to its self-reported version, IBM Tivoli Endpoint Manager
Server 9.0.777.0 (patch 2) is installed on the remote host. It is,
therefore, affected by a vulnerability that could allow an attacker to
impersonate any LDAP-authenticated Console user when LDAP and Active
Directory authentication is enabled.

Solution :

Upgrade to Tivoli Endpoint Manager Server 9.0.787 (patch 4) or later
or disable LDAP and Active Directory authentication.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 70586

Bugtraq ID: 63267