Test ID:	1.3.6.1.4.1.25623.1.0.809886
Category:	Web application abuses
Title:	IBM Tivoli Endpoint Manager Multiple Vulnerabilities (Feb 2017)
Summary:	IBM Tivoli Endpoint Manager is prone to multiple vulnerabilities.
Description:	Summary: IBM Tivoli Endpoint Manager is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to - Enabling relay authentication(By default, unrestricted file upload on relays/servers with relay authentication is disabled). - Storage of potentially sensitive information in log files that could be available to a local user. - A missing HTTP Strict-Transport-Security Header through mitm. - An input validation error. Vulnerability Impact: Successful exploitation will allow remote attackers to upload a malicious file, to obtain sensitive information, also to inject commands that would be executed with unnecessary higher privileges than expected. Affected Software/OS: IBM Tivoli Endpoint Manager versions 9.0, 9.1, 9.2, 9.5 Solution: Apply the fixes from the referenced links. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-0296 BugTraq ID: 94213 http://www.securityfocus.com/bid/94213 Common Vulnerability Exposure (CVE) ID: CVE-2016-0297 BugTraq ID: 94188 http://www.securityfocus.com/bid/94188 Common Vulnerability Exposure (CVE) ID: CVE-2016-0396 BugTraq ID: 94155 http://www.securityfocus.com/bid/94155 Common Vulnerability Exposure (CVE) ID: CVE-2016-0214 BugTraq ID: 94193 http://www.securityfocus.com/bid/94193
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.