Vulnerability Description
IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows.
CVSS Score
8.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Tivoli Provisioning Manager | 5.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/33143 (Vendor Advisory)
- http://securitytracker.com/id?1021394
- http://www-01.ibm.com/support/docview.wss?uid=swg21330228 (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/32824
- http://www.vupen.com/english/advisories/2008/3432
FAQ
What is CVE-2008-5686?
CVE-2008-5686 is a vulnerability with a CVSS score of 8.5 (HIGH). IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows...
How severe is CVE-2008-5686?
CVE-2008-5686 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-5686?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Tivoli Provisioning Manager.