Bypassing File Permissions in IBM Tivoli Management Framework 3.7.1

Bypassing File Permissions in IBM Tivoli Management Framework 3.7.1

CVE-2000-1239 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, which allows remote authenticated users to bypass file permissions on Tivoli Endpoint Configuration data files via an unspecified manipulation of log files.

Learn more about our Cis Benchmark Audit For Ibm I.