Detections
Analytics
IBM Tivoli NetView for z/OS Privilege Escalation
high Nessus Plugin ID 70173
Language:
Synopsis
The remote host may be running software with a privilege escalation vulnerability.Description
The remote host appears to have IBM Tivoli NetView installed that is affected by a privilege escalation vulnerability. A Unix System Services authenticated attacker may be able to gain the privileges of the NetView application.Note that Nessus has not tested for the issues, but instead has relied only on the detected version number. Nessus is unable to determine if the patches for this vulnerability are installed as it does not change this detected version number.
Solution
Updates are available from the vendor.See Also
http://www-01.ibm.com/support/docview.wss?uid=swg21621163
http://web.archive.org/web/20130215104605/http://xforce.iss.net/xforce/xfdb/80643
Plugin Details
Severity: High
ID: 70173
File Name: ibm_netview_zos_privilege_escalation.nasl
Version: 1.9
Type: local
Family: Misc.
Published: 9/27/2013
Updated: 9/24/2019
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:ibm:tivoli_netview
Required KB Items: Secret/ClearTextAuth/login, Secret/ClearTextAuth/pass
Exploit Ease: No known exploits are available
Patch Publication Date: 12/21/2012
Vulnerability Publication Date: 12/21/2012
Reference Information
CVE: CVE-2012-5951
BID: 57036