You are here

U-049: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System

December 1, 2011 - 9:00am

Addthis

PROBLEM:

IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System.

PLATFORM:

IBM Tivoli Netcool Reporter prior to 2.2.0.8

ABSTRACT:

A vulnerability was reported in IBM Tivoli Netcool Reporter.

referenceĀ  LINKS:

SecurityTracker Alert ID: 1026360
Tivoli Netcool Reporter Support and Downloads
IBM Tivoli Support

IMPACT ASSESSMENT:

Medium

Discussion:

A remote user can execute arbitrary code on the target system. A remote user can send specially crafted data to execute arbitrary commands on the target system. The code will run with the privileges of the target web service

Impact:

A remote user can execute arbitrary code on the target system.

Solution:

The vendor has issued a fix, Tivoli Netcool Reporter Support and Downloads .

Addthis