CVE-2011-2330

Severity

90%

Complexity

80%

Confidentiality

165%

Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 has an unspecified "built-in account" that is "trivially" accessed, which makes it easier for remote attackers to send requests to restricted pages via a session on TCP port 9495, a different vulnerability than CVE-2011-1220.

Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 has an unspecified "built-in account" that is "trivially" accessed, which makes it easier for remote attackers to send requests to restricted pages via a session on TCP port 9495, a different vulnerability than CVE-2011-1220.

CVSS 2.0 Base Score 9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C).

Overview

Type

IBM Tivoli Management Framework

First reported 13 years ago

2011-06-02 20:55:00

Last updated 6 years ago

2018-10-09 19:32:00

Affected Software

IBM Tivoli Management Framework 3.7.1

3.7.1

IBM Tivoli Management Framework 4.1.1

4.1.1

References

8268

20110531 ZDI-11-169: IBM Tivoli Endpoint lcfd.exe opts Argument Remote Code Execution Vulnerability

http://www-01.ibm.com/support/docview.wss?uid=swg21499146

http://zerodayinitiative.com/advisories/ZDI-11-169/

tivoli-framework-endpoint-code-exec(67858)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.