VULNERABILITY, IBM Tivoli Composite Application Manager for WebSphere Unspecified Cross-Site Scripting

IBM Tivoli Composite Application Manager (ITCAM) for WebSphere is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

ITCAM for WebSphere 6.1.0 is affected.


VULNERABILITY REFERENCE

Tivoli Composite Application Manager for WebSphere Homepage (IBM)
Source: securityfocus.com


NEW VULNERABILITY, IBM Tivoli Directory Server ‘ibmdiradm’ Denial of Service Vulnerability

IBM Tivoli Directory Server is prone to a denial-of-service vulnerability caused by heap memory corruption.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.

IBM Tivoli Directory Server 6.0 is vulnerable; other versions may also be affected.

Published: Sep 03 2009 12:00AM
Updated: Sep 03 2009 09:12PM

IBM HOMEPAGE

VULNERABILITY REFERENCE

Source: securityfocus.com


VULNERABILITY. IBM Tivoli Storage Manager Multiple Vulnerabilities

IBM Tivoli Storage Manager is prone to multiple vulnerabilities:

– Multiple buffer-overflow issues
– Multiple unauthorized-access issues

Attackers can exploit these issues to cause a denial-of-service condition, to execute arbitrary code, and to read, copy, edit, or delete files on a victim’s computer. Other attacks may also be possible.

VULNERABILITY REFERENCE

OTHER REFERENCES

Source: securityfocus.com


VULNERABILITIES. Multiple vulnerabilities in IBM Tivoli Storage Manager 5

Five vulnerabilities have been announced in the IBM Tivoli Storage Manager 5 (TSM) client that could be exploited by remote attackers to bypass security restrictions and compromise affected systems.

Tivoli Storage Manager is an IBM storage-management product that automates backup and restore functions and centralizes backup management operations. There are two stack-based buffer overflows in the “dsmagent.exe” agent that could be exploited to cause a denial of service of the client or to execute arbitrary code.

A third problem is a buffer overflow in the Web client interface, which could be used to crash the TSM client or execute arbitrary code.

The fourth vulnerability lies in an error in the Java graphical interface, for which no details have been provided, that could allow an attacker to read, copy, modify, or delete files on the client system.

Finally, an error in AIX and Windows clients that use SSL (Secure Socket Layer) could be used to carry out “man-in-the-middle” attacks and read or copy files from the client system.

Versions 5.1, 5.2, 5.3, 5.4 and 5.5 of IBM Tivoli Storage Manager are affected. IBM has published updated versions of the client, so updating to versions 5.5.2, 5.4.2.7, 5.3.6.6, 5.2.5.4, or 5.1.8.3 is recommended, available from: http://www-01.ibm.com/support/docview.wss?uid=swg21384389

Source: hispasec.com


VULNERABILITY. IBM Tivoli Continuous Data Protection for Files Cross Site Scripting Vulnerability

IBM Tivoli Continuous Data Protection for Files is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

IBM Tivoli Continuous Data Protection for Files 3.1.4.0 is vulnerable; other versions may also be affected.

Published: Apr 14 2009 12:00AM
Updated: Apr 15 2009 12:16AM

VULNERABILITY REFERENCE

Source: securityfocus.com


VULNERABILITY. IBM Tivoli Access Manager for e-business Remote Denial Of Service Vulnerability

IBM Tivoli Access Manager for e-business is prone to a remote denial-of-service vulnerability.

Remote attackers can exploit this issue to cause the service to crash or hang, denying service to legitimate users.

IBM Tivoli Access Manager for e-business 6.0.0.17 is vulnerable; other versions may also be affected.

Source: securityfocus

VULNERABILITY REFERENCE


VULNERABILITY. IBM Tivoli Netcool Service Quality Manager Cross Site Scripting And HTML Injection Vulnerabilities

IBM Tivoli Netcool Service Quality Manager is prone to multiple cross-site scripting vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

We don’t know which versions of IBM Tivoli Netcool Service Quality Manager are affected. We will update this BID when more details emerge.

NOTE: IBM Tivoli Netcool Service Quality Manager may also have been known as ‘Vallent Metrica Service Assurance’.

Source: securityfocus

VULNERABILITY REFERENCE
