IBM Tivoli Netcool/Reporter CGI Remote Command Injection Vulnerability
BID:50864
Info
| Bugtraq ID: | 50864 |
| Class: | Input Validation Error |
| CVE: | CVE-2011-4668 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 30 2011 12:00AM |
| Updated: | Dec 05 2011 06:27PM |
| Credit: | IBM |
| Vulnerable: | IBM Tivoli Netcool Reporter 2.2.0.7, IBM Tivoli Netcool Reporter 2.2 |
| Not Vulnerable: | IBM Tivoli Netcool Reporter 2.2.0.8 |
Discussion
IBM Tivoli Netcool/Reporter is prone to a remote command-injection vulnerability.
Attackers can exploit this issue to execute arbitrary commands in the context of the application.
Tivoli Netcool/Reporter 2.2.0.0 to 2.2.0.7 are vulnerable.
Exploit / POC
Attackers can exploit this issue through a browser.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References: