ID CVE-2010-4623
Summary WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 allows remote authenticated users to cause a denial of service (worker thread consumption) via shift-reload actions.
References
Vulnerable Configurations
  • IBM Tivoli Access Manager for e-business 6.1.1
    cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1
CVSS
Base: 4.0 (as of 30-12-2010 - 15:43)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector Complexity Authentication
NETWORK LOW SINGLE_INSTANCE
Impact
Confidentiality Integrity Availability
NONE NONE PARTIAL
nessus via4
NASL family Misc.
NASL id TIVOLI_ACCESS_MANAGER_EBIZ_WEBSEAL_MULTIVULN.NASL
description According to its self-reported version, the install of the IBM Tivoli Access Manager for e-Business WebSEAL component is affected by the following vulnerabilities:
  • An input validation error exists that could allow directory traversal attacks having an unspecified impact. (CVE-2010-4622, CVE-2011-0494)
  • An error exists related to 'shift-reload' actions that could allow an authenticated attacker to cause denial of service conditions. Note that only the 6.1.1.x branch is affected by this issue. (CVE-2010-4623)
last seen 2019-02-21
modified 2018-08-01
plugin id 70139
published 2013-09-26
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=70139
title IBM Tivoli Access Manager for e-Business WebSEAL Multiple Vulnerabilities
refmap via4
bid 45665
confirm http://www-01.ibm.com/support/docview.wss?uid=swg24028829
xf ibm-tivoli-ebusiness-webseal-dos(64471)
Last major update 11-01-2011 - 01:46
Published 30-12-2010 - 14:00
Last modified 16-08-2017 - 21:33