Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.2
CVE Id CVE-2008-4294
Last Modified 07 Mar 2011 10:12:13
Published 27 Sep 2008 06:30:03
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-4294

Summary

IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user privileges after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation, as demonstrated by a root session that is still valid after a subsequent read-only session has begun.

Vulnerable Systems

Application

  • IBM Tivoli Netcool Webtop 2.1.0


References

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg24018932

XF - tivoli-netcoolwebtop-privilege-escalation(45419)

VUPEN - ADV-2008-2690

BID - 31414

AIXAPAR - IZ21888

SECUNIA - 32036


Last Updated: 27 May 2016 10:48:27