IBM Tivoli Endpoint Manager Server 8.2.x < 8.2.1445.0 / 9.0.x < 9.0.853.0 / 9.1.x < 9.1.1088.0 Unspecified XXE File Disclosure

Medium Nessus Plugin ID 79334


The remote host is affected by a file disclosure vulnerability.


According to its self-reported version, the IBM Tivoli Endpoint Manager server installed on the remote host is 8.2.x prior to 8.2.1445.0, 9.0.x prior to 9.0.853.0, or 9.1.x prior to 9.1.1088.0. It is, therefore, affected by an information disclosure vulnerability due to an XML External Entity (XXE) flaw that allows an attacker to read arbitrary files on the host by sending specially crafted XML data.

Note that this vulnerability only affects the Console, Root Server, Web Reports, and Server API components. It does not affect the Agent and Relay components.


Upgrade to Tivoli Endpoint Manager server 8.2.1445.0 / 9.0.853.0 / 9.1.1088.0 or later.

See Also

Plugin Details

Severity: Medium

ID: 79334

File Name: ibm_tem_9_1_1088_0.nasl

Version: $Revision: 1.3 $

Type: remote

Family: Web Servers

Published: 2014/11/19

Modified: 2016/04/28

Dependencies: 66269

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_endpoint_manager

Required KB Items: Settings/ParanoidReport, www/BigFixHTTPServer

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/05/20

Vulnerability Publication Date: 2014/06/25

Reference Information

CVE: CVE-2014-3066

OSVDB: 108604