IBM Tivoli Monitoring SOAP Interface Insecure Configuration Remote SOAP Query Information Disclosure

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the Windows host is affected by an
information disclosure vulnerability.

Description :

IBM Tivoli Monitoring, a network asset monitoring platform, is
installed on the remote Windows host, and its SOAP interface is using
an insecure default configuration. It is, therefore, affected by an
information disclosure vulnerability. An unauthenticated, remote
attacker can exploit this to disclose SOAP queries that may contain
sensitive information.

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg22000909

Solution :

Apply the interim fix or workaround per the vendor advisory.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 101168

Bugtraq ID: 99259

CVE ID: CVE-2016-6083
