Thursday, September 13, 2007 2:25 PM
cmosby
IBM Tivoli Compliance Insight Manager Oracle Multiple Vulnerabilities - Advisories - Secunia
IBM Tivoli Compliance Insight Manager Oracle Multiple Vulnerabilities
Secunia Advisory: SA26669
Release Date: 2007-09-12
Critical: Highly critical
Impact:
Unknown
Security Bypass
Cross Site Scripting
Manipulation of data
Exposure of sensitive information
Privilege escalation
DoS
System access
Where: From remote
Solution Status: Vendor Patch
Software:
IBM Tivoli Compliance Insight Manager (TCIM) 6.x
IBM Tivoli Compliance Insight Manager (TCIM) 7.x
IBM Tivoli Compliance Insight Manager (TCIM) 8.x
Description:
IBM has acknowledged some vulnerabilities in Tivoli Compliance Insight Manager (TCIM), some of which have unknown impacts, while others can be exploited to bypass certain security restrictions, gain knowledge of sensitive information, gain escalated privileges, cause a DoS (Denial of Service), conduct cross-site scripting and SQL injection attacks, or potentially compromise a vulnerable system.
For more information:
SA24929
The vulnerabilities are reported in versions 6.0, 7.0, and 8.0.
Solution:
Apply patches.
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24016678
Original Advisory:
http://www-1.ibm.com/support/docview.wss?uid=swg21268889
Other References:
SA24929:
http://secunia.com/advisories/24929/
Source: IBM Tivoli Compliance Insight Manager Oracle Multiple Vulnerabilities - Advisories - Secunia
Filed under: Patch Management, Security, Configuration Management