IBM Tivoli Access Manager for e-Business WebSEAL Multiple Vulnerabilities

medium Nessus Plugin ID 70139

Synopsis

An access and authorization control management system installed on the remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version, the installation of the IBM Tivoli Access Manager for e-Business WebSEAL component is affected by the following vulnerabilities:

- An input validation error exists that could allow directory traversal attacks having an unspecified impact. (CVE-2010-4622, CVE-2011-0494)

- An error exists related to 'shift-reload' actions that could allow an authenticated attacker to cause denial of service conditions. Note that only the 6.1.1.x branch is affected by this issue. (CVE-2010-4623)

Solution

Apply the interim fix 5.1.0.39-TIV-AWS-IF0040 / 6.0.0.25-TIV-AWS-IF0026 / 6.1.0.5-TIV-AWS-IF0006 or later, or apply the fixpack 6.1.1-TIV-AWS-FP0001 or later.

See Also

http://www.nessus.org/u?ab359a72

http://www-01.ibm.com/support/docview.wss?uid=swg24025790

http://www.nessus.org/u?401de4a7

http://www.nessus.org/u?5007bc88

http://www-01.ibm.com/support/docview.wss?uid=swg24028829

Plugin Details

Severity: Medium

ID: 70139

File Name: tivoli_access_manager_ebiz_webseal_multivuln.nasl

Version: 1.7

Type: local

Family: Misc.

Published: 9/26/2013

Updated: 8/1/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_access_manager_for_e-business

Required KB Items: ibm/tivoli_access_manager_ebiz/components/IBM Tivoli Access Manager WebSEAL

Exploit Ease: No known exploits are available

Patch Publication Date: 1/14/2011

Vulnerability Publication Date: 12/24/2010

Reference Information

CVE: CVE-2010-4622, CVE-2010-4623, CVE-2011-0494

BID: 45582, 45665, 45836