IBM Tivoli Endpoint Manager Server < 8.2.1372 Multiple Vulnerabilities

medium Nessus Plugin ID 66270

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The remote host is running a version of IBM Tivoli Endpoint Manager Server prior to 8.2.1372. It is, therefore, affected by multiple vulnerabilities :

- Multiple SSL related denial of service vulnerabilities exist. (CVE-2012-2686, CVE-2013-0166)

- An SSL side-channel timing analysis attack allows full or partial plaintext recovery by a third-party listener.
(CVE-2013-0169)

- A cross-site request forgery vulnerability exists in the Use Analysis Application that can be exploited via a specially crafted AMF message. (CVE-2013-0452)

- An unspecified cross-site scripting vulnerability exists in IBM Tivoli Endpoint Manager Web Reports.
(CVE-2013-0453)

Solution

Upgrade to Tivoli Endpoint Manager Server 8.2.1372 or later.

See Also

http://www.nessus.org/u?34a3ad9f

http://www.nessus.org/u?3c65c9ef

http://www.nessus.org/u?b2fcf16e

https://www-304.ibm.com/support/docview.wss?rs=1015&uid=swg21633352

https://www-304.ibm.com/support/docview.wss?rs=1015&uid=swg21633354

https://www-304.ibm.com/support/docview.wss?rs=1015&uid=swg21633351

Plugin Details

Severity: Medium

ID: 66270

File Name: ibm_tem_8_2_1372.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 4/30/2013

Updated: 12/5/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2013-0452

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_endpoint_manager

Required KB Items: www/BigFixHTTPServer

Exploit Ease: No known exploits are available

Patch Publication Date: 3/21/2013

Vulnerability Publication Date: 2/4/2013

Reference Information

CVE: CVE-2012-2686, CVE-2013-0166, CVE-2013-0169, CVE-2013-0452, CVE-2013-0453

BID: 57755, 57778, 58632, 58661

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990