IBM Tivoli Endpoint Manager Server 8.2.x < 8.2.1445.0 / 9.0.x < 9.0.853.0 / 9.1.x < 9.1.1088.0 Unspecified XXE File Disclosure

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by a file disclosure vulnerability.

Description :

According to its self-reported version, the IBM Tivoli Endpoint
Manager server installed on the remote host is 8.2.x prior to
8.2.1445.0, 9.0.x prior to 9.0.853.0, or 9.1.x prior to 9.1.1088.0. It
is, therefore, affected by an information disclosure vulnerability due
to an XML External Entity (XXE) flaw that allows an attacker to read
arbitrary files on the host by sending specially crafted XML data.

Note that this vulnerability only affects the Console, Root Server,
Web Reports, and Server API components. It does not affect the Agent
and Relay components.

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21673961
http://www-01.ibm.com/support/docview.wss?uid=swg21673964
http://www-01.ibm.com/support/docview.wss?uid=swg21673967

Solution :

Upgrade to Tivoli Endpoint Manager server 8.2.1445.0 / 9.0.853.0 /
9.1.1088.0 or later.
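The version ranges and component scope stated above, written as a triage check for an asset inventory. This is an added example, not Tenable's plugin code; the function names, component labels, status strings and sample inventory are constructed for illustration.

```python
# Added example: classify inventory entries against the fixed builds and
# component scope given in this advisory. All names here are hypothetical.

# First fixed build per affected branch (from the advisory text).
FIXED = {
    (8, 2): (8, 2, 1445, 0),
    (9, 0): (9, 0, 853, 0),
    (9, 1): (9, 1, 1088, 0),
}

# Components the advisory lists as affected; Agent and Relay are not.
# The lowercase labels are an assumption about how an inventory names them.
AFFECTED_COMPONENTS = {"console", "root server", "web reports", "server api"}


def parse_version(text):
    """Parse a four-part 'a.b.c.d' version into a tuple of ints."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(p) for p in parts)


def assess(component, version):
    """Return a status string for one (component, self-reported version)."""
    if component.strip().lower() not in AFFECTED_COMPONENTS:
        return "component_not_affected"
    try:
        ver = parse_version(version)
    except ValueError:
        return "unparseable"  # needs manual review, not a clean result
    fixed = FIXED.get(ver[:2])
    if fixed is None:
        return "branch_not_listed"  # the advisory makes no claim here
    return "affected" if ver < fixed else "fixed"


if __name__ == "__main__":
    # Constructed sample inventory: (host, component, version).
    sample = [
        ("bes-root-01", "Root Server", "9.0.835.0"),
        ("bes-web-01", "Web Reports", "9.1.1088.0"),
        ("relay-07", "Relay", "8.2.1000.0"),
        ("bes-old-02", "Console", "8.1.634.0"),
    ]
    for host, component, version in sample:
        print(f"{host:12} {component:12} {version:12} {assess(component, version)}")
```

Because the check relies on the self-reported version, an "unparseable" or "branch_not_listed" result should be followed up by hand rather than read as unaffected.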

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 79334

Bugtraq ID:

CVE ID: CVE-2014-3066
