U-049: IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System

December 1, 2011 - 9:00am

PROBLEM:

IBM Tivoli Netcool Reporter CGI Bug Lets Remote Users Inject Commands on the Target System.

PLATFORM:

IBM Tivoli Netcool Reporter prior to 2.2.0.8

ABSTRACT:

A vulnerability was reported in IBM Tivoli Netcool Reporter.

reference LINKS:

SecurityTracker Alert ID: 1026360
Tivoli Netcool Reporter Support and Downloads
IBM Tivoli Support

IMPACT ASSESSMENT:

Medium

Discussion:

A remote user can execute arbitrary code on the target system. A remote user can send specially crafted data to execute arbitrary commands on the target system. The code will run with the privileges of the target web service

Impact:

A remote user can execute arbitrary code on the target system.

Solution:

The vendor has issued a fix, Tivoli Netcool Reporter Support and Downloads .

Latest JC3 Bulletins

May 23, 2013

V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability

A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions.
May 22, 2013

V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities

Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits.
May 21, 2013

V-160: Wireshark Multiple Bugs Let Remote Users Deny Service

Multiple vulnerabilities have been reported in Wireshark

More JC3 Bulletins

Energy.gov

Office of the Chief Information Officer

Office of the Chief Information Officer

All Offices

You are here