IBM Tivoli Endpoint Manager Server 8.2.x < 8.2.1445.0 / 9.0.x < 9.0.853.0 / 9.1.x < 9.1.1088.0 Unspecified XXE File Disclosure
Severity: Medium
Nessus Plugin ID 79334
Synopsis
The remote host is affected by a file disclosure vulnerability.
Description
According to its self-reported version, the IBM Tivoli Endpoint Manager server installed on the remote host is 8.2.x prior to 8.2.1445.0, 9.0.x prior to 9.0.853.0, or 9.1.x prior to 9.1.1088.0. It is, therefore, affected by an information disclosure vulnerability due to an XML External Entity (XXE) flaw that allows an attacker to read arbitrary files on the host by sending specially crafted XML data.
Note that this vulnerability only affects the Console, Root Server, Web Reports, and Server API components. It does not affect the Agent and Relay components.
Solution
Upgrade to Tivoli Endpoint Manager server 8.2.1445.0 / 9.0.853.0 / 9.1.1088.0 or later.
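
The version and component logic described above can be applied to an asset inventory to find hosts that still need the upgrade. The following is an added example, not Tenable's plugin code or IBM's tooling; the function names, status strings, and inventory rows are hypothetical and constructed, and only the fixed build numbers and component names come from this advisory.

```python
import re

# Fixed build per release branch, as stated in the advisory.
FIXED_BUILDS = {
    (8, 2): (8, 2, 1445, 0),
    (9, 0): (9, 0, 853, 0),
    (9, 1): (9, 1, 1088, 0),
}
# Components the advisory lists as affected (Agent and Relay are not).
AFFECTED_COMPONENTS = {"console", "root server", "web reports", "server api"}

def parse_version(text):
    """Turn '9.0.835.0' into (9, 0, 835, 0); reject anything non-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){2,3}", text, flags=re.ASCII):
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in text.split("."))
    return nums + (0,) * (4 - len(nums))  # pad a 3-part version to 4 parts

def assess(component, version):
    """Classify one installed component against the advisory's ranges."""
    if component.strip().lower() not in AFFECTED_COMPONENTS:
        return "component-not-affected"
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown-version"       # needs manual review, not a pass
    fixed = FIXED_BUILDS.get(v[:2])
    if fixed is None:
        return "branch-not-covered"    # advisory says nothing about it
    return "vulnerable" if v < fixed else "fixed"

def hosts_needing_upgrade(inventory):
    """Return sorted host names with at least one vulnerable component."""
    return sorted({host for host, comp, ver in inventory
                   if assess(comp, ver) == "vulnerable"})

# Constructed sample inventory: (host, component, self-reported version).
SAMPLE_INVENTORY = [
    ("tem-root-01", "Root Server", "9.0.835.0"),
    ("tem-web-01", "Web Reports", "9.1.1088.0"),
    ("tem-relay-07", "Relay", "8.2.1000.0"),
    ("tem-con-03", "Console", "8.2.1409.0"),
    ("tem-api-02", "Server API", "9.0.x"),
]

if __name__ == "__main__":
    for host, comp, ver in SAMPLE_INVENTORY:
        print(f"{host:14} {comp:12} {ver:12} {assess(comp, ver)}")
    print("upgrade:", hosts_needing_upgrade(SAMPLE_INVENTORY))
```

Like the plugin, this relies on the self-reported version, so an `unknown-version` or `branch-not-covered` result should be reviewed by hand rather than treated as clean.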