Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5686

Overview

Vulnerability Score 8.5 8.5
CVE Id CVE-2008-5686
Last Modified 07 Mar 2011 10:14:57
Published 19 Dec 2008 12:30:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-5686

Summary

IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows.

Vulnerable Systems

Application

  • Ibm Tivoli Provisioning Manager 5.1

  • Ibm Tivoli Provisioning Manager 5.1.0.2

  • Ibm Tivoli Provisioning Manager 5.1.1

  • Ibm Tivoli Provisioning Manager 5.1.1.1


References

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21330228

VUPEN - ADV-2008-3432

BID - 32824

SECTRACK - 1021394

SECUNIA - 33143


Last Updated: 27 May 2016 10:48:53