
Test ID: 1.3.6.1.4.1.25623.1.0.105132
Category: Web application abuses
Title: IBM Tivoli Endpoint Manager Mobile Device Management Cross Site Scripting Vulnerability
Summary: IBM Tivoli Endpoint Manager Mobile Device Management is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
Description: Summary:
IBM Tivoli Endpoint Manager Mobile Device Management is prone to a cross-
site scripting vulnerability because it fails to sanitize user-supplied input.

Vulnerability Insight:
IBM Tivoli Endpoint Manager Mobile Device Management (MDM) is vulnerable
to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit
this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security
context of the hosting web site, after the URL is clicked.

Vulnerability Impact:
An attacker could use this vulnerability to steal the victim's cookie-based
authentication credentials and execute arbitrary code.

Affected Software/OS:
Versions prior to IBM Tivoli Endpoint Manager Mobile Device Management 9.0.60100 are vulnerable.

Solution:
Upgrade to version 9.0.60100

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2014-6140
BugTraq ID: 71424
http://www.securityfocus.com/bid/71424
Bugtraq: 20141202 [RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components
http://www.securityfocus.com/archive/1/534131/100/0/threaded
http://seclists.org/fulldisclosure/2014/Dec/3
http://packetstormsecurity.com/files/129349/IBM-Endpoint-Manager-For-Mobile-Devices-Code-Execution.html
https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-012/-unauthenticated-remote-code-execution-in-ibm-endpoint-manager-mobile-device-management-components
http://www.securitytracker.com/id/1031306
Copyright: Copyright (C) 2014 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.