CVE-2011-1220

2011-06-0220:55:00

CWE-119

[email protected]

web.nvd.nist.gov

114

cve-2011-1220

buffer overflow

lcfd.exe

tivoli endpoint

ibm tivoli management framework

7.4 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts field.

CPENameOperatorVersion
ibm:tivoli_management_frameworkibm tivoli management frameworkeq4.3.1
ibm:tivoli_management_frameworkibm tivoli management frameworkeq3.7.1
ibm:tivoli_management_frameworkibm tivoli management frameworkeq4.1
ibm:tivoli_management_frameworkibm tivoli management frameworkeq4.1.1

CPE	Name	Operator	Version
ibm:tivoli_management_framework	ibm tivoli management framework	eq	4.3.1
ibm:tivoli_management_framework	ibm tivoli management framework	eq	3.7.1
ibm:tivoli_management_framework	ibm tivoli management framework	eq	4.1
ibm:tivoli_management_framework	ibm tivoli management framework	eq	4.1.1