[email protected]CVE-2011-0494

HistoryJan 19, 2011 - 12:00 p.m.

CVE-2011-0494

2011-01-1912:00:22

CWE-22

[email protected]

web.nvd.nist.gov

cve

ibm

tivoli access manager

directory traversal

vulnerability

webseal

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.3%

JSON

Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 5.1 before 5.1.0.39-TIV-AWS-IF0040, 6.0 before 6.0.0.25-TIV-AWS-IF0026, 6.1.0 before 6.1.0.5-TIV-AWS-IF0006, and 6.1.1 before 6.1.1-TIV-AWS-FP0001 has unspecified impact and attack vectors. NOTE: this might overlap CVE-2010-4622.

Affected configurations

NVD

Node

ibmtivoli_access_manager_for_e-businessMatch5.1

ibmtivoli_access_manager_for_e-businessMatch5.1.0.10

ibmtivoli_access_manager_for_e-businessMatch6.0.0

ibmtivoli_access_manager_for_e-businessMatch6.0.0.17

ibmtivoli_access_manager_for_e-businessMatch6.0.0.23

ibmtivoli_access_manager_for_e-businessMatch6.1.0

ibmtivoli_access_manager_for_e-businessMatch6.1.0.3

ibmtivoli_access_manager_for_e-businessMatch6.1.0.4

ibmtivoli_access_manager_for_e-businessMatch6.1.1

CPENameOperatorVersion
ibm:tivoli_access_manager_for_e-businessibm tivoli access manager for e-businesseq5.1
ibm:tivoli_access_manager_for_e-businessibm tivoli access manager for e-businesseq5.1.0.10
ibm:tivoli_access_manager_for_e-businessibm tivoli access manager for e-businesseq6.0.0
ibm:tivoli_access_manager_for_e-businessibm tivoli access manager for e-businesseq6.0.0.17
ibm:tivoli_access_manager_for_e-businessibm tivoli access manager for e-businesseq6.0.0.23
ibm:tivoli_access_manager_for_e-businessibm tivoli access manager for e-businesseq6.1.0
ibm:tivoli_access_manager_for_e-businessibm tivoli access manager for e-businesseq6.1.0.3
ibm:tivoli_access_manager_for_e-businessibm tivoli access manager for e-businesseq6.1.0.4
ibm:tivoli_access_manager_for_e-businessibm tivoli access manager for e-businesseq6.1.1

CPE	Name	Operator	Version
ibm:tivoli_access_manager_for_e-business	ibm tivoli access manager for e-business	eq	5.1
ibm:tivoli_access_manager_for_e-business	ibm tivoli access manager for e-business	eq	5.1.0.10
ibm:tivoli_access_manager_for_e-business	ibm tivoli access manager for e-business	eq	6.0.0
ibm:tivoli_access_manager_for_e-business	ibm tivoli access manager for e-business	eq	6.0.0.17
ibm:tivoli_access_manager_for_e-business	ibm tivoli access manager for e-business	eq	6.0.0.23
ibm:tivoli_access_manager_for_e-business	ibm tivoli access manager for e-business	eq	6.1.0
ibm:tivoli_access_manager_for_e-business	ibm tivoli access manager for e-business	eq	6.1.0.3
ibm:tivoli_access_manager_for_e-business	ibm tivoli access manager for e-business	eq	6.1.0.4
ibm:tivoli_access_manager_for_e-business	ibm tivoli access manager for e-business	eq	6.1.1

References

secunia.com/advisories/42955

www-01.ibm.com/support/docview.wss?uid=swg1IZ87328

www-01.ibm.com/support/docview.wss?uid=swg1IZ87470

www-01.ibm.com/support/docview.wss?uid=swg1IZ91619

www-01.ibm.com/support/docview.wss?uid=swg1IZ91620

www-01.ibm.com/support/docview.wss?uid=swg21459999

www-01.ibm.com/support/docview.wss?uid=swg24025790

www-01.ibm.com/support/docview.wss?uid=swg24028829

www-01.ibm.com/support/docview.wss?uid=swg24028860

www-01.ibm.com/support/docview.wss?uid=swg24028861

www.securityfocus.com/bid/45836

www.vupen.com/english/advisories/2011/0138

exchange.xforce.ibmcloud.com/vulnerabilities/64737

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.3%

JSON

Related for CVE-2011-0494

prion2 cvelist2 nvd2 nessus1 cve1