The management service in IBM Tivoli Provisioning Manager for OS Deployment prior to 5.1 Fix Pack 2 does not properly handle multipart/form-data in HTTP POST requests, which allows remote malicious users to execute arbitrary code or cause a denial of service (daemon crash) via crafted POST requests to port 8080/tcp or 443/tcp.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm tivoli provisioning manager os deployment 5.1.0.116 |