Vulnerability in IBM Tivoli Endpoint Manager Exposes Sensitive Information
CVE-2017-1230

5.3MEDIUM

Key Information:

Vendor
IBM
Status
Bigfix Platform
Vendor
CVE Published:
26 October 2017

Summary

IBM Tivoli Endpoint Manager versions 9.2 and 9.5 contain a vulnerability due to the use of insufficiently random numbers in a security context that relies on unpredictable values. This weakness can potentially enable attackers to expose sensitive information by successfully guessing tokens or identifiers, thereby compromising the security integrity of the affected system. For further details, please visit the IBM X-Force advisory page.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/123909
x_refsource_MISC
http://www.securityfocus.com/bid/101571
vdb-entryx_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg22009673
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.