IBM Tivoli Endpoint Manager Server 9.0.777 (patch 2) LDAP and AD Authentication

Medium Nessus Plugin ID 70586


The remote host is affected by an authentication-related vulnerability.


According to its self-reported version, IBM Tivoli Endpoint Manager Server 9.0.777.0 (patch 2) is installed on the remote host. It is, therefore, affected by a vulnerability that could allow an attacker to impersonate any LDAP-authenticated Console user when LDAP and Active Directory authentication is enabled.


Upgrade to Tivoli Endpoint Manager Server 9.0.787 (patch 4) or later, or disable LDAP and Active Directory authentication.

Plugin Details

Severity: Medium

ID: 70586

File Name: ibm_tem_ldap.nasl

Version: $Revision: 1.5 $

Type: remote

Family: Web Servers

Published: 2013/10/24

Modified: 2014/11/19

Dependencies: 66269

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_endpoint_manager

Required KB Items: www/BigFixHTTPServer, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/10/08

Vulnerability Publication Date: 2013/10/08

Reference Information

BID: 63267

OSVDB: 98827