VULHUB ™

IBM包含多系列产品，如IBM Tivoli，IBM WebSphere等。 IBM多个产品存在信任书伪造问题，远程攻击者可以利用这个漏洞访问资源和数据或可能控制应用程序。 目前报告此问题可以使攻击者利用COOKIE或伪造其他信任用户未授权访问资源，目前没有详细漏洞细节提供。 IBM Tivoli Access Manager for e-business 5.1 IBM Tivoli Access Manager for e-business 4.1 IBM Tivoli Access Manager for e-business 3.9 IBM Tivoli Access Manager Identity Manager Solution 5.1 IBM Tivoli Configuration Manager for ATM 2.1 IBM Tivoli Configuration Manager 4.2 IBM WebSphere Everyplace Server 2.15 IBM WebSphere Everyplace Server 2.14 IBM WebSphere Everyplace Server 2.1.3 IBM Tivoli SecureWay Policy Director 3.8 - HP HP-UX 11.0 - IBM AIX 4.3.3 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Microsoft Windows 2000 Professional SP3 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000...

IBM包含多系列产品，如IBM Tivoli，IBM WebSphere等。 IBM多个产品存在信任书伪造问题，远程攻击者可以利用这个漏洞访问资源和数据或可能控制应用程序。 目前报告此问题可以使攻击者利用COOKIE或伪造其他信任用户未授权访问资源，目前没有详细漏洞细节提供。 IBM Tivoli Access Manager for e-business 5.1 IBM Tivoli Access Manager for e-business 4.1 IBM Tivoli Access Manager for e-business 3.9 IBM Tivoli Access Manager Identity Manager Solution 5.1 IBM Tivoli Configuration Manager for ATM 2.1 IBM Tivoli Configuration Manager 4.2 IBM WebSphere Everyplace Server 2.15 IBM WebSphere Everyplace Server 2.14 IBM WebSphere Everyplace Server 2.1.3 IBM Tivoli SecureWay Policy Director 3.8 - HP HP-UX 11.0 - IBM AIX 4.3.3 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Microsoft Windows 2000 Professional SP3 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Sun Solaris 8.0 - Sun Solaris 7.0 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： IBM Tivoli Configuration Manager for ATM 2.1: IBM Patch 3.8-PWS-0016 http://www-1.ibm.com/support/docview.wss?uid=swg24006478 WebSEAL. IBM Tivoli SecureWay Policy Director 3.8: IBM Patch 3.8-PWS-0016 http://www-1.ibm.com/support/docview.wss?uid=swg24006478 IBM Tivoli Access Manager for e-business 3.9: IBM Patch 3.9-AWS-0007 http://www-1.ibm.com/support/docview.wss?uid=swg24006460 IBM Patch 3.9-WPI-0005 http://www-1.ibm.com/support/docview.wss?uid=swg24006535 Web Server Plug-in. IBM Tivoli Access Manager for e-business 4.1: IBM Patch 4.1-AWS-FP09 http://www-1.ibm.com/support/docview.wss?uid=swg24006273 WebSEAL. IBM Patch 4.1-WPI-0007 http://www-1.ibm.com/support/docview.wss?uid=swg24006534 Web Server Plug-in. IBM Tivoli Configuration Manager 4.2: IBM Patch 3.8-PWS-0016 http://www-1.ibm.com/support/docview.wss?uid=swg24006478 WebSEAL. IBM Tivoli Access Manager for e-business 5.1: IBM Patch 5.1-AWS-0001 http://www-1.ibm.com/support/docview.wss?uid=swg24006477 WebSEAL. IBM Patch 5.1-WPI-0001 http://www-1.ibm.com/support/docview.wss?uid=swg24006533 Web Server Plug-in. IBM Tivoli Access Manager Identity Manager Solution 5.1: IBM Patch 5.1-AWS-0001 http://www-1.ibm.com/support/docview.wss?uid=swg24006477 WebSEAL. IBM Patch 5.1-WPI-0001 http://www-1.ibm.com/support/docview.wss?uid=swg24006533 Plug-In for Web Server. WebSphere Everyplace Server补丁可联系供应商获得。