N/A

The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, which allows remote authenticated users to bypass file permissions on Tivoli Endpoint Configuration data files via an unspecified manipulation of log files.

N/A

N/A

IBM Tivoli Lightweight Client Framework信息泄露漏洞

IBM Tivoli Management Framework 3.7.1版本中Tivoli Lightweight Client Framework (LCF)的HTTP界面在安装的时候设置http_disable为零，远程验证用户可以借助记录文件的未明操作绕过Tivoli Endpoint Configuration数据文件上的文件权限。

N/A

N/A