Authentication Bypass in IBM Tivoli Netcool Security Manager
CVE-2007-6363

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Netcool Security Manager
Vendor: CVE Published:; 15 December 2007

Summary

The vulnerability allows remote attackers to gain unauthorized access to IBM Tivoli Netcool Security Manager 1.3.0 without providing valid credentials, specifically when Active Directory (AD) LDAP authentication is enabled. This security issue can be exploited through certain unspecified vectors, potentially granting attackers the ability to bypass authentication mechanisms completely.

References

http://www-1.ibm.com/support/docview.wss?uid=swg1IZ04768

vendor-advisoryx_refsource_AIXAPAR

http://osvdb.org/43718

vdb-entryx_refsource_OSVDB

http://www-1.ibm.com/support/docview.wss?uid=swg24017385

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 15, 2007
Vulnerability Reserved
Dec 14, 2007