The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, which allows remote authenticated users to bypass file permissions on Tivoli Endpoint Configuration data files via an unspecified manipulation of log files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm tivoli management framework 3.7.1 |