Sensitive Information Exposure in IBM Tivoli Endpoint Manager
CVE-2017-1226

4.3MEDIUM

Key Information:

Vendor
IBM
Status
Bigfix Platform
Vendor
CVE Published:
26 October 2017

Summary

IBM Tivoli Endpoint Manager, specifically versions 9.2 and 9.5 of the IBM BigFix platform, contains a vulnerability where error messages logged by the system reveal sensitive information related to the environment. This exposure could potentially be exploited by malicious actors to gain unauthorized access or further compromise the affected system. It is crucial for organizations using these versions to implement security measures that safeguard against information leakage and to consider updates provided by IBM to mitigate this risk.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/123905
x_refsource_MISC
http://www.securityfocus.com/bid/101571
vdb-entryx_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg22009673
x_refsource_CONFIRM

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.