Privilege Escalation Vulnerability in IBM Tivoli NetView Access Services
CVE-2014-9768

8.8HIGH

Key Information:

Vendor: IBM
Status: Tivoli Netview Access Services
Vendor: CVE Published:; 18 March 2016

Summary

IBM Tivoli NetView Access Services (NVAS) permits remote authenticated users to escalate their privileges. By utilizing the ADM command and altering the 'page ID' field associated with the EMSPG2 transaction code, users can manipulate access controls. To mitigate this vulnerability, IBM recommends employing available security features and best practices in configuring NVAS.

References

http://www.irongeek.com/i.php?page=videos/derbycon4/t217-...

x_refsource_MISC

https://vimeo.com/96718889

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 18, 2016
Vulnerability Reserved
Mar 17, 2016