IBM Software Vulnerabilities
advertisement
SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 LAB03 IBM Software Vulnerabilities June 6, 2013 at 10:34am EDT [cody] Confidential: The following report contains confidential information. Do not distribute, email, fax, or transfer via any electronic mechanism unless it has been approved by the recipient company's security policy. All copies and backups of this document should be saved on protected storage at all times. Do not share any of the information contained within this report with anyone unless they are authorized to view the information. Violating any of the previous instructions is grounds for termination. IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 IBM Vulnerability Trend Over Time This chapter reports a trend over the last 90 days of the number of vulnerabilities by defined applications. IBM Vulnerability Trend Over Time Line Chart IBM Vulnerability Trend Over Time Tenable Network Security 1 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 IBM Detailed Vulnerability Summary Reported are the number of systems on which the technology has been located in terms of critical, high, and medium vulnerabilities. The table displays the total number of identified vulnerabilities, including the associated repository, DNS, NetBIOS, MAC address, and IP address of the vulnerable systems. IBM Detailed Vulnerability Summary Tenable Network Security 2 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 AppDev & Database IBM Detailed Vulnerability Summary Tenable Network Security 3 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Systems Total Med. High Crit. 192.168.194.27 IP Address 00:aa:bb:98:94:92 april 37 18 8 11 192.168.45.49 00:aa:bb:98:92:87 may 37 18 8 11 192.168.166.35 00:aa:bb:98:87:47 april 37 18 8 11 192.168.144.18 00:aa:bb:98:78:35 april 37 18 8 11 192.168.93.31 00:aa:bb:98:71:89 may 37 18 8 11 192.168.45.46 00:aa:bb:98:58:86 may 37 18 8 11 192.168.101.32 00:aa:bb:98:57:61 march 37 18 8 11 192.168.23.41 00:aa:bb:98:35:29 april 37 18 8 11 192.168.213.53 00:aa:bb:98:33:25 march 37 18 8 11 192.168.144.24 00:aa:bb:98:33:15 april 37 18 8 11 192.168.93.34 00:aa:bb:98:29:75 may 37 18 8 11 192.168.5.48 00:aa:bb:98:22:39 may 37 18 8 11 192.168.133.19 00:aa:bb:98:17:22 april 37 18 8 11 192.168.161.27 00:aa:bb:97:97:95 march 37 18 8 11 192.168.101.29 00:aa:bb:97:87:44 march 37 18 8 11 192.168.161.28 00:aa:bb:97:81:22 march 37 18 8 11 00:aa:bb:97:78:94 may 37 18 8 11 192.168.58.18 00:aa:bb:97:78:37 april 37 18 8 11 192.168.62.37 00:aa:bb:97:60:52 april 37 18 8 11 192.168.19.24 00:aa:bb:97:51:21 april 37 18 8 11 192.168.133.8 00:aa:bb:97:38:74 april 37 18 8 11 192.168.62.43 00:aa:bb:97:37:25 april 37 18 8 11 192.168.195.36 00:aa:bb:97:16:45 march 37 18 8 11 192.168.205.21 00:aa:bb:97:13:18 april 37 18 8 11 192.168.58.28 00:aa:bb:97:13:14 april 37 18 8 11 192.168.147.30 00:aa:bb:97:11:62 march 37 18 8 11 192.168.22.42 00:aa:bb:96:97:73 march 37 18 8 11 192.168.105.50 00:aa:bb:96:96:32 may 37 18 8 11 192.168.78.61 NetBIOS Name UNKNOWN\testlab\ host61 DNS Name host61.test.lab MAC Address Repository OS CPE IBM Detailed Vulnerability Summary Tenable Network Security 4 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 IP Address NetBIOS Name DNS Name MAC Address Repository OS CPE Total Med. High Crit. 192.168.45.52 00:aa:bb:96:89:47 may 37 18 8 11 192.168.5.20 00:aa:bb:96:72:35 may 37 18 8 11 192.168.101.36 00:aa:bb:96:58:16 march 37 18 8 11 192.168.213.44 00:aa:bb:96:45:92 march 37 18 8 11 192.168.5.39 00:aa:bb:96:41:87 may 37 18 8 11 192.168.211.48 00:aa:bb:96:39:67 may 37 18 8 11 192.168.89.46 00:aa:bb:96:35:64 april 37 18 8 11 192.168.161.30 00:aa:bb:96:27:10 march 37 18 8 11 192.168.103.38 00:aa:bb:96:20:92 april 37 18 8 11 192.168.166.22 00:aa:bb:95:81:84 april 37 18 8 11 192.168.194.44 00:aa:bb:95:59:67 april 37 18 8 11 192.168.213.32 00:aa:bb:95:41:61 march 37 18 8 11 192.168.58.17 00:aa:bb:95:36:89 april 37 18 8 11 192.168.5.53 00:aa:bb:95:35:50 may 37 18 8 11 192.168.166.24 00:aa:bb:95:18:78 april 37 18 8 11 192.168.79.46 00:aa:bb:95:12:36 april 37 18 8 11 192.168.191.46 00:aa:bb:94:97:35 may 37 18 8 11 192.168.121.50 00:aa:bb:94:88:65 may 37 18 8 11 192.168.171.53 00:aa:bb:94:82:22 may 37 18 8 11 192.168.85.51 00:aa:bb:94:80:85 april 37 18 8 11 192.168.22.24 00:aa:bb:94:76:70 march 37 18 8 11 192.168.159.13 00:aa:bb:94:67:25 may 37 18 8 11 192.168.167.14 00:aa:bb:94:65:20 may 37 18 8 11 192.168.132.38 00:aa:bb:94:54:74 march 37 18 8 11 192.168.132.37 00:aa:bb:94:51:60 march 37 18 8 11 192.168.85.64 00:aa:bb:94:28:53 april 37 18 8 11 192.168.22.32 00:aa:bb:94:16:10 march 37 18 8 11 192.168.167.19 00:aa:bb:94:12:31 may 37 18 8 11 192.168.22.29 00:aa:bb:93:84:96 march 37 18 8 11 192.168.171.45 00:aa:bb:93:81:36 may 37 18 8 11 IBM Detailed Vulnerability Summary Tenable Network Security 5 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 IP Address NetBIOS Name DNS Name MAC Address Repository OS CPE Total Med. High Crit. 192.168.58.4 00:aa:bb:93:81:34 april 37 18 8 11 192.168.191.62 00:aa:bb:93:79:62 may 37 18 8 11 192.168.161.15 00:aa:bb:93:68:36 may 37 18 8 11 192.168.58.32 00:aa:bb:93:66:51 april 37 18 8 11 192.168.23.39 00:aa:bb:93:65:16 april 37 18 8 11 192.168.161.6 00:aa:bb:93:54:17 may 37 18 8 11 192.168.194.21 00:aa:bb:92:59:24 april 37 18 8 11 192.168.105.42 00:aa:bb:92:51:68 may 37 18 8 11 192.168.89.50 00:aa:bb:92:38:66 april 37 18 8 11 192.168.171.49 00:aa:bb:92:27:62 may 37 18 8 11 192.168.121.67 00:aa:bb:92:22:35 may 37 18 8 11 192.168.191.52 00:aa:bb:92:21:75 may 37 18 8 11 192.168.133.13 00:aa:bb:92:10:52 april 37 18 8 11 192.168.93.35 00:aa:bb:91:85:19 may 37 18 8 11 192.168.19.14 00:aa:bb:91:82:98 april 37 18 8 11 192.168.109.28 00:aa:bb:91:66:93 march 37 18 8 11 192.168.5.41 00:aa:bb:91:30:66 may 37 18 8 11 192.168.130.51 00:aa:bb:91:23:47 march 37 18 8 11 192.168.211.56 00:aa:bb:90:95:71 may 37 18 8 11 192.168.144.25 00:aa:bb:90:85:45 april 37 18 8 11 192.168.191.48 00:aa:bb:90:82:87 may 37 18 8 11 192.168.166.30 00:aa:bb:90:79:96 april 37 18 8 11 192.168.121.62 00:aa:bb:90:77:12 may 37 18 8 11 192.168.132.33 00:aa:bb:90:67:91 march 37 18 8 11 192.168.85.53 00:aa:bb:90:65:22 april 37 18 8 11 192.168.43.36 00:aa:bb:90:62:65 march 37 18 8 11 192.168.144.12 00:aa:bb:90:57:16 april 37 18 8 11 192.168.79.37 00:aa:bb:90:41:62 april 37 18 8 11 192.168.144.19 00:aa:bb:90:35:35 april 37 18 8 11 192.168.167.24 00:aa:bb:90:21:63 may 37 18 8 11 IBM Detailed Vulnerability Summary Tenable Network Security 6 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 IP Address NetBIOS Name DNS Name MAC Address Repository OS CPE Total Med. High Crit. 192.168.191.59 00:aa:bb:90:18:62 may 37 18 8 11 192.168.45.44 00:aa:bb:89:48:34 may 37 18 8 11 192.168.85.68 00:aa:bb:89:30:60 april 37 18 8 11 192.168.105.51 00:aa:bb:89:21:67 may 37 18 8 11 192.168.205.44 00:aa:bb:88:97:80 april 37 18 8 11 192.168.89.51 00:aa:bb:88:97:28 april 37 18 8 11 192.168.147.28 00:aa:bb:88:73:18 march 37 18 8 11 192.168.205.34 00:aa:bb:88:71:46 april 37 18 8 11 192.168.144.27 00:aa:bb:88:56:61 april 37 18 8 11 192.168.123.33 00:aa:bb:88:41:87 april 37 18 8 11 00:aa:bb:88:33:43 may 37 18 8 11 00:aa:bb:88:31:28 march 37 18 8 11 192.168.191.63 192.168.195.16 UNKNOWN\testlab\ host16 host16.test.lab Vulnerabilities Total Severity Plugin Name Family 889 Critical DB2 < 8 Fix Pack 7a Multiple Vulnerabilities Databases 889 Critical DB2 < 9 Fix Pack 3 / 8 FixPak 15 Multiple Vulnerabilities Databases 889 Critical DB2 < 9 Fix Pack 4 Multiple Vulnerabilities Databases 889 Critical DB2 < 8.1 FixPak 16 Multiple Vulnerabilities Databases 889 Critical DB2 < 9 Fix Pack 5 Multiple Vulnerabilities Databases 889 Critical DB2 < 9.5 Fix Pack 1 Multiple Vulnerabilities Databases 889 Critical DB2 8 < Fix Pack 17 Multiple Vulnerabilities Databases IBM Detailed Vulnerability Summary Tenable Network Security 7 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name Family 889 Critical DB2 9.5 < Fix Pack 6a Multiple Vulnerabilities Databases 889 Critical DB2 9.1 < Fix Pack 10 Multiple Vulnerabilities Databases 889 Critical DB2 9.5 < Fix Pack 7 Multiple Vulnerabilities Databases 889 Critical DB2 Unsupported Version Detection Databases 889 High DB2 < 9 Fix Pack 2 Multiple Vulnerabilities Databases 889 High DB2 9.5 < Fix Pack 2 Multiple Vulnerabilities Databases 889 High DB2 9.1 < Fix Pack 6 Multiple Vulnerabilities Databases 889 High DB2 9.7 < Fix Pack 6 Multiple Vulnerabilities Databases 889 High DB2 9.1 < Fix Pack 12 Multiple Vulnerabilities Databases 889 High DB2 10.1 < Fix Pack 1 Multiple Vulnerabilities Databases 889 High DB2 9.5 < Fix Pack 10 Multiple Vulnerabilities Databases 889 High DB2 9.7 < Fix Pack 7 Multiple Vulnerabilities Databases 889 Medium DB2 Multiple CGI Single Byte Request Remote DoS Databases 889 Medium DB2 Discovery Service Malformed Databases UDP Packet Remote DoS 889 Medium DB2 < 8.1 FixPak 12 EXCSAT Long MGRLVLLS Message Remote DoS Databases 889 Medium DB2 < 8.1 FixPak 13 CONNECT Processing Unspecified DoS Databases 889 Medium DB2 < 8.1 FixPak 14 Multiple Vulnerabilities Databases IBM Detailed Vulnerability Summary Tenable Network Security 8 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name Family 889 Medium DB2 9.1 < Fix Pack 7 Multiple Vulnerabilities Databases 889 Medium DB2 < 9.5 Fix Pack 4 Multiple Vulnerabilities Databases 889 Medium DB2 8.1 < Fix Pack 18 Multiple Vulnerabilities Databases 889 Medium DB2 9.1 < Fix Pack 8 Multiple Vulnerabilities Databases 889 Medium DB2 9.5 < Fix Pack 5 Unspecified Vulnerabilities Databases 889 Medium DB2 9.1 < Fix Pack 9 Multiple Vulnerabilities Databases 889 Medium DB2 9.7 < Fix Pack 2 Multiple Vulnerabilities Databases 889 Medium DB2 9.7 < Fix Pack 3 Multiple Vulnerabilities Databases 889 Medium DB2 9.7 < Fix Pack 4 Multiple Vulnerabilities Databases 889 Medium DB2 9.7 < Fix Pack 5 Multiple Denial of Service Vulnerabilities Databases 889 Medium DB2 9.5 < Fix Pack 9 Multiple Vulnerabilities Databases 889 Medium DB2 9.1 < Fix Pack 11 Multiple Denial of Service Vulnerabilities Databases 889 Medium DB2 9.8 < Fix Pack 5 Multiple Vulnerabilities Databases Exploits Total Host Total Severity Plugin Name 889 889 Critical DB2 < 8 Fix Pack 7a Multiple Vulnerabilities 889 889 Critical DB2 < 9 Fix Pack 3 / 8 FixPak 15 Multiple Vulnerabilities IBM Detailed Vulnerability Summary Tenable Network Security 9 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Host Total Severity Plugin Name 889 889 Critical DB2 < 9 Fix Pack 4 Multiple Vulnerabilities 889 889 Critical DB2 < 8.1 FixPak 16 Multiple Vulnerabilities 889 889 High DB2 9.7 < Fix Pack 6 Multiple Vulnerabilities 889 889 High DB2 9.1 < Fix Pack 12 Multiple Vulnerabilities 889 889 High DB2 10.1 < Fix Pack 1 Multiple Vulnerabilities 889 889 High DB2 9.5 < Fix Pack 10 Multiple Vulnerabilities 889 889 Medium DB2 Multiple CGI Single Byte Request Remote DoS 889 889 Medium DB2 Discovery Service Malformed UDP Packet Remote DoS 889 889 Medium DB2 < 8.1 FixPak 13 CONNECT Processing Unspecified DoS 889 889 Medium DB2 < 8.1 FixPak 14 Multiple Vulnerabilities 889 889 Medium DB2 9.1 < Fix Pack 7 Multiple Vulnerabilities 889 889 Medium DB2 9.7 < Fix Pack 5 Multiple Denial of Service Vulnerabilities 889 889 Medium DB2 9.5 < Fix Pack 9 Multiple Vulnerabilities 889 889 Medium DB2 9.1 < Fix Pack 11 Multiple Denial of Service Vulnerabilities 889 889 Medium DB2 9.8 < Fix Pack 5 Multiple Vulnerabilities IBM Detailed Vulnerability Summary Tenable Network Security 10 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Collaboration & Enterprise Applications Systems IP Address NetBIOS Name DNS Name MAC Address Repository OS CPE Total Med. High Crit. 192.168.194.27 00:aa:bb:98:94:92 april 44 18 19 7 192.168.45.49 00:aa:bb:98:92:87 may 44 18 19 7 192.168.166.35 00:aa:bb:98:87:47 april 44 18 19 7 192.168.93.31 00:aa:bb:98:71:89 may 44 18 19 7 192.168.45.46 00:aa:bb:98:58:86 may 44 18 19 7 192.168.171.2 00:aa:bb:98:50:10 may 39 15 17 7 192.168.143.27 00:aa:bb:98:43:78 may 5 3 2 0 192.168.13.44 00:aa:bb:98:35:78 april 39 15 17 7 192.168.23.41 00:aa:bb:98:35:29 april 44 18 19 7 192.168.213.53 00:aa:bb:98:33:25 march 44 18 19 7 192.168.93.34 00:aa:bb:98:29:75 may 44 18 19 7 192.168.133.19 00:aa:bb:98:17:22 april 44 18 19 7 192.168.128.20 00:aa:bb:97:95:94 march 39 15 17 7 192.168.134.7 00:aa:bb:97:85:39 march 5 3 2 0 00:aa:bb:97:78:94 may 44 18 19 7 192.168.189.22 00:aa:bb:97:77:94 march 39 15 17 7 192.168.69.57 00:aa:bb:97:60:59 april 5 3 2 0 192.168.62.37 00:aa:bb:97:60:52 april 44 18 19 7 192.168.19.24 00:aa:bb:97:51:21 april 44 18 19 7 192.168.3.51 00:aa:bb:97:47:43 april 5 3 2 0 192.168.133.8 00:aa:bb:97:38:74 april 44 18 19 7 192.168.62.43 00:aa:bb:97:37:25 april 44 18 19 7 192.168.215.42 00:aa:bb:97:33:55 may 5 3 2 0 192.168.215.17 00:aa:bb:97:26:94 march 5 3 2 0 192.168.78.61 UNKNOWN\testlab\ host61 host61.test.lab IBM Detailed Vulnerability Summary Tenable Network Security 11 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 IP Address NetBIOS Name DNS Name MAC Address Repository OS CPE Total Med. High Crit. 192.168.195.36 00:aa:bb:97:16:45 march 44 18 19 7 192.168.147.30 00:aa:bb:97:11:62 march 44 18 19 7 192.168.22.42 00:aa:bb:96:97:73 march 44 18 19 7 192.168.105.50 00:aa:bb:96:96:32 may 44 18 19 7 192.168.69.44 00:aa:bb:96:90:36 april 5 3 2 0 192.168.45.52 00:aa:bb:96:89:47 may 44 18 19 7 192.168.213.44 00:aa:bb:96:45:92 march 44 18 19 7 192.168.89.46 00:aa:bb:96:35:64 april 44 18 19 7 192.168.10.51 00:aa:bb:96:31:89 may 39 15 17 7 192.168.103.38 00:aa:bb:96:20:92 april 44 18 19 7 192.168.136.20 00:aa:bb:96:20:55 april 5 3 2 0 192.168.166.22 00:aa:bb:95:81:84 april 44 18 19 7 192.168.170.11 00:aa:bb:95:80:91 may 39 15 17 7 192.168.171.9 00:aa:bb:95:64:88 may 39 15 17 7 192.168.194.44 00:aa:bb:95:59:67 april 44 18 19 7 192.168.69.50 00:aa:bb:95:51:76 april 5 3 2 0 192.168.213.32 00:aa:bb:95:41:61 march 44 18 19 7 192.168.22.27 00:aa:bb:95:35:14 april 39 15 17 7 192.168.166.24 00:aa:bb:95:18:78 april 44 18 19 7 192.168.190.39 00:aa:bb:94:98:44 march 39 15 17 7 192.168.191.46 00:aa:bb:94:97:35 may 44 18 19 7 192.168.190.52 00:aa:bb:94:90:85 march 39 15 17 7 192.168.85.51 00:aa:bb:94:80:85 april 44 18 19 7 192.168.22.24 00:aa:bb:94:76:70 march 44 18 19 7 192.168.159.13 00:aa:bb:94:67:25 may 44 18 19 7 192.168.167.14 00:aa:bb:94:65:20 may 44 18 19 7 192.168.85.8 00:aa:bb:94:63:60 may 5 3 2 0 192.168.132.38 00:aa:bb:94:54:74 march 44 18 19 7 192.168.132.37 00:aa:bb:94:51:60 march 44 18 19 7 192.168.69.55 00:aa:bb:94:50:21 april 5 3 2 0 IBM Detailed Vulnerability Summary Tenable Network Security 12 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 IP Address NetBIOS Name DNS Name MAC Address Repository OS CPE Total Med. High Crit. 192.168.143.36 00:aa:bb:94:31:39 may 5 3 2 0 192.168.85.64 00:aa:bb:94:28:53 april 44 18 19 7 192.168.13.36 00:aa:bb:94:18:33 april 39 15 17 7 192.168.22.32 00:aa:bb:94:16:10 march 44 18 19 7 192.168.167.19 00:aa:bb:94:12:31 may 44 18 19 7 192.168.22.29 00:aa:bb:93:84:96 march 44 18 19 7 192.168.162.34 00:aa:bb:93:81:42 may 5 3 2 0 192.168.162.41 00:aa:bb:93:81:27 may 5 3 2 0 192.168.191.62 00:aa:bb:93:79:62 may 44 18 19 7 192.168.78.23 00:aa:bb:93:70:80 march 39 15 17 7 192.168.161.15 00:aa:bb:93:68:36 may 44 18 19 7 192.168.23.39 00:aa:bb:93:65:16 april 44 18 19 7 192.168.161.6 00:aa:bb:93:54:17 may 44 18 19 7 192.168.78.33 00:aa:bb:93:52:57 march 39 15 17 7 192.168.78.24 00:aa:bb:93:49:21 march 39 15 17 7 192.168.170.12 00:aa:bb:93:48:60 may 39 15 17 7 192.168.215.22 00:aa:bb:92:91:16 may 5 3 2 0 192.168.3.57 00:aa:bb:92:74:93 april 5 3 2 0 192.168.143.29 00:aa:bb:92:70:80 may 5 3 2 0 192.168.189.31 00:aa:bb:92:64:77 march 39 15 17 7 192.168.194.21 00:aa:bb:92:59:24 april 44 18 19 7 192.168.148.45 00:aa:bb:92:58:38 may 5 3 2 0 192.168.148.30 00:aa:bb:92:58:18 may 5 3 2 0 192.168.105.42 00:aa:bb:92:51:68 may 44 18 19 7 192.168.89.50 00:aa:bb:92:38:66 april 44 18 19 7 192.168.69.54 00:aa:bb:92:22:42 april 5 3 2 0 192.168.191.52 00:aa:bb:92:21:75 may 44 18 19 7 192.168.215.41 00:aa:bb:92:17:61 may 5 3 2 0 192.168.133.13 00:aa:bb:92:10:52 april 44 18 19 7 192.168.93.35 00:aa:bb:91:85:19 may 44 18 19 7 IBM Detailed Vulnerability Summary Tenable Network Security 13 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 IP Address NetBIOS Name DNS Name MAC Address Repository OS CPE Total Med. High Crit. 192.168.19.14 00:aa:bb:91:82:98 april 44 18 19 7 192.168.57.30 00:aa:bb:91:80:93 april 5 3 2 0 192.168.128.18 00:aa:bb:91:40:53 march 39 15 17 7 192.168.171.14 00:aa:bb:91:37:67 may 39 15 17 7 192.168.162.33 00:aa:bb:91:33:32 may 5 3 2 0 192.168.130.51 00:aa:bb:91:23:47 march 44 18 19 7 192.168.3.74 00:aa:bb:90:95:52 april 5 3 2 0 192.168.57.23 00:aa:bb:90:92:31 april 5 3 2 0 192.168.3.70 00:aa:bb:90:91:51 april 5 3 2 0 192.168.191.48 00:aa:bb:90:82:87 may 44 18 19 7 192.168.166.30 00:aa:bb:90:79:96 april 44 18 19 7 192.168.132.33 00:aa:bb:90:67:91 march 44 18 19 7 192.168.85.53 00:aa:bb:90:65:22 april 44 18 19 7 192.168.43.36 00:aa:bb:90:62:65 march 44 18 19 7 192.168.61.29 00:aa:bb:90:43:56 march 5 3 2 0 192.168.10.41 00:aa:bb:90:41:51 may 39 15 17 7 Vulnerabilities Total Severity Plugin Name Family 891 Critical IBM Lotus Domino SMTP Server Malformed Meeting Request (vCal) SMTP problems DoS 891 Critical IBM Lotus Domino IMAP Server (nimap.exe) CRAM-MD5 Authentication Remote Overflow Gain a shell remotely 891 Critical IBM Lotus Domino < 6.5.6 FP2 Multiple Vulnerabilities Gain a shell remotely 891 Critical IBM Lotus Domino < 7.0.2 FP2 Multiple Vulnerabilities Gain a shell remotely IBM Detailed Vulnerability Summary Tenable Network Security 14 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name Family 891 Critical IBM Lotus Domino < 8.0.1 / 7.0.3 FP1 Multiple Vulnerabilities Web Servers 891 Critical IBM Lotus Symphony < 3.0 Fix Pack 3 Multiple Vulnerabilities Windows 891 Critical IBM Lotus Domino 8.5.x < 8.5.3 Multiple Vulnerabilities Web Servers 895 High IBM InfoSphere Data Replication Dashboard Default Credentials CGI abuses 895 High IBM InfoSphere Data Replication Dashboard Unpassworded User Enumeration CGI abuses 891 High IBM Lotus Domino < 5.0.12 / 6.0.1 Gain a shell remotely Multiple Vulnerabilities 891 High IBM Lotus Domino 6.0 Multiple Vulnerabilities Web Servers 891 High IBM Lotus Domino Server time/ date Fields Remote Overflow CGI abuses 891 High Lotus Notes < 6.5.5 / 7.0.1 Attachment Handling Vulnerabilities Gain a shell remotely 891 High Lotus Notes Client < 7.0.3 / 8.0.1 Multiple Overflows Windows 891 High IBM Lotus Domino IMAP Service Mailbox Name Overflow Gain a shell remotely 891 High IBM Lotus Domino Web Access ActiveX Control Buffer Overflow Vulnerabilities Windows 891 High IBM Lotus Domino < 7.0.2 FP3 Unspecified DoS Denial of Service 891 High Autonomy KeyView Filter Module Multiple Memory Corruption Vulnerabilities (Lotus Notes) Windows 891 High IBM Lotus Domino iCalendar Email SMTP problems Address ORGANIZER:mailto Header Remote Overflow IBM Detailed Vulnerability Summary Tenable Network Security 15 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name Family 891 High IBM Lotus Notes Attachment Windows Handling Multiple Buffer Overflows 891 High IBM Lotus Symphony < 3.0.1 Embedded Image File Handling Remote Overflows 891 High IBM Lotus iNotes Upload Module ActiveX Control Windows Attachment_Times() Method Buffer Overflow 891 High IBM Lotus Notes < 8.5.3 FP2 URL Handler Unspecified Remote Code Windows Execution 891 High IBM Lotus Symphony < 3.0.1 Fix Pack 2 Multiple Vulnerabilities Windows 891 High IBM Lotus Notes 8.5.1 / 8.5.2 / 8.5.3 < 8.5.3 FP3 Multiple Vulnerabilities Windows 891 High IBM Lotus Domino 8.5.x Multiple Vulnerabilities Web Servers 895 Medium Multiple Vendor RPC portmapper Access Restriction Bypass RPC 895 Medium IBM Informix Genero < 2.41 png_decompress_chunk Integer Overflow Windows 895 Medium IBM InfoSphere Data Replication Dashboard User Enumeration CGI abuses 891 Medium IBM Lotus Domino ?open Forced Directory Listing Web Servers 891 Medium IBM Lotus Domino HTTP Server Filesystem Setup Disclosure Web Servers 891 Medium IBM Lotus Domino HTTP /cgi-bin Relative URL Request DoS Web Servers 891 Medium IBM Lotus Domino Administration Databases Anonymous Access Web Servers 891 Medium IBM Lotus Domino Crafted .nsf Request Authentication Bypass Web Servers Windows IBM Detailed Vulnerability Summary Tenable Network Security 16 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name Family 891 Medium IBM Lotus Domino Directory Traversal Arbitrary File Access Web Servers 891 Medium IBM Lotus Domino nsf File Argument XSS CGI abuses : XSS 891 Medium Lotus Domino SMTP Server Forged Localhost Mail Header DoS SMTP problems 891 Medium IBM Lotus Notes/Domino Square Brackets Encoding Failure XSS CGI abuses : XSS 891 Medium IBM Lotus Domino Web Service NLSCCSTR.DLL Malformed GET Request Overflow DoS Web Servers 891 Medium IBM Lotus Domino HTML Hidden Field Encrypted Password Disclosure Web Servers 891 Medium Lotus Domino Multiple Script Src / BaseTarget XSS CGI abuses : XSS 891 Medium Lotus Domino LDAP Server Crafted Packet Remote DoS Denial of Service 891 Medium IBM Lotus Notes / Domino Client Memory Mapped Files Privilege Escalation Windows 891 Medium IBM Lotus Sametime Server stconf.nsf messageString Parameter XSS CGI abuses : XSS Exploits Total Host Total Severity Plugin Name 891 891 Critical IBM Lotus Domino SMTP Server Malformed Meeting Request (vCal) DoS 891 891 Critical IBM Lotus Domino IMAP Server (nimap.exe) CRAM-MD5 Authentication Remote Overflow IBM Detailed Vulnerability Summary Tenable Network Security 17 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Host Total Severity Plugin Name 891 891 Critical IBM Lotus Domino < 6.5.6 FP2 Multiple Vulnerabilities 891 891 Critical IBM Lotus Domino < 8.0.1 / 7.0.3 FP1 Multiple Vulnerabilities 891 891 Critical IBM Lotus Symphony < 3.0 Fix Pack 3 Multiple Vulnerabilities 891 891 Critical IBM Lotus Domino 8.5.x < 8.5.3 Multiple Vulnerabilities 895 895 High IBM InfoSphere Data Replication Dashboard Default Credentials 891 891 High Lotus Notes Client < 7.0.3 / 8.0.1 Multiple Overflows 891 891 High IBM Lotus Domino IMAP Service Mailbox Name Overflow 891 891 High IBM Lotus Domino Web Access ActiveX Control Buffer Overflow Vulnerabilities 891 891 High Autonomy KeyView Filter Module Multiple Memory Corruption Vulnerabilities (Lotus Notes) 891 891 High IBM Lotus Domino iCalendar Email Address ORGANIZER:mailto Header Remote Overflow 891 891 High IBM Lotus Notes Attachment Handling Multiple Buffer Overflows 891 891 High IBM Lotus Symphony < 3.0.1 Embedded Image File Handling Remote Overflows 891 891 High IBM Lotus iNotes Upload Module ActiveX Control Attachment_Times() Method Buffer Overflow 891 891 High IBM Lotus Notes < 8.5.3 FP2 URL Handler Unspecified Remote Code Execution 891 891 High IBM Lotus Notes 8.5.1 / 8.5.2 / 8.5.3 < 8.5.3 FP3 Multiple Vulnerabilities 891 891 High IBM Lotus Domino 8.5.x Multiple Vulnerabilities IBM Detailed Vulnerability Summary Tenable Network Security 18 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Host Total Severity Plugin Name 895 895 Medium Multiple Vendor RPC portmapper Access Restriction Bypass 891 891 Medium IBM Lotus Domino Administration Databases Anonymous Access 891 891 Medium IBM Lotus Domino Crafted .nsf Request Authentication Bypass 891 891 Medium IBM Lotus Domino Directory Traversal Arbitrary File Access 891 891 Medium IBM Lotus Notes/Domino Square Brackets Encoding Failure XSS 891 891 Medium IBM Lotus Domino Web Service NLSCCSTR.DLL Malformed GET Request Overflow DoS 891 891 Medium IBM Lotus Domino HTML Hidden Field Encrypted Password Disclosure 891 891 Medium Lotus Domino Multiple Script Src / BaseTarget XSS 891 891 Medium Lotus Domino LDAP Server Crafted Packet Remote DoS 891 891 Medium IBM Lotus Sametime Server stconf.nsf messageString Parameter XSS IBM Detailed Vulnerability Summary Tenable Network Security 19 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Enterprise Management & Network Services Systems Vulnerabilities Exploits IBM Detailed Vulnerability Summary Tenable Network Security 20 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Operating System & Hardware Systems IP Address NetBIOS Name DNS Name MAC Address Repository OS CPE Total Med. High Crit. 192.168.194.27 00:aa:bb:98:94:92 april 788 145 599 44 192.168.166.35 00:aa:bb:98:87:47 april 788 145 599 44 192.168.133.19 00:aa:bb:98:17:22 april 788 145 599 44 192.168.19.24 00:aa:bb:97:51:21 april 788 145 599 44 192.168.133.8 00:aa:bb:97:38:74 april 788 145 599 44 192.168.147.30 00:aa:bb:97:11:62 march 788 145 599 44 192.168.22.42 00:aa:bb:96:97:73 march 788 145 599 44 192.168.89.46 00:aa:bb:96:35:64 april 788 145 599 44 192.168.166.22 00:aa:bb:95:81:84 april 788 145 599 44 192.168.194.44 00:aa:bb:95:59:67 april 788 145 599 44 192.168.166.24 00:aa:bb:95:18:78 april 788 145 599 44 192.168.191.46 00:aa:bb:94:97:35 may 788 145 599 44 192.168.22.24 00:aa:bb:94:76:70 march 788 145 599 44 192.168.159.13 00:aa:bb:94:67:25 may 788 145 599 44 192.168.167.14 00:aa:bb:94:65:20 may 788 145 599 44 192.168.22.32 00:aa:bb:94:16:10 march 788 145 599 44 192.168.167.19 00:aa:bb:94:12:31 may 788 145 599 44 192.168.22.29 00:aa:bb:93:84:96 march 788 145 599 44 192.168.191.62 00:aa:bb:93:79:62 may 788 145 599 44 192.168.194.21 00:aa:bb:92:59:24 april 788 145 599 44 192.168.89.50 00:aa:bb:92:38:66 april 788 145 599 44 192.168.191.52 00:aa:bb:92:21:75 may 788 145 599 44 192.168.133.13 00:aa:bb:92:10:52 april 788 145 599 44 192.168.19.14 00:aa:bb:91:82:98 april 788 145 599 44 192.168.191.48 00:aa:bb:90:82:87 may 788 145 599 44 IBM Detailed Vulnerability Summary Tenable Network Security 21 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 IP Address NetBIOS Name DNS Name MAC Address Repository OS CPE Total Med. High Crit. 192.168.166.30 00:aa:bb:90:79:96 april 788 145 599 44 192.168.43.36 00:aa:bb:90:62:65 march 788 145 599 44 192.168.167.24 00:aa:bb:90:21:63 may 788 145 599 44 192.168.191.59 00:aa:bb:90:18:62 may 788 145 599 44 192.168.89.51 00:aa:bb:88:97:28 april 788 145 599 44 192.168.147.28 00:aa:bb:88:73:18 march 788 145 599 44 192.168.191.63 00:aa:bb:88:33:43 may 788 145 599 44 192.168.166.38 00:aa:bb:87:69:24 april 788 145 599 44 192.168.166.23 00:aa:bb:87:48:86 april 788 145 599 44 192.168.147.29 00:aa:bb:87:18:94 march 788 145 599 44 192.168.191.65 00:aa:bb:87:10:53 may 788 145 599 44 192.168.151.17 00:aa:bb:86:87:94 may 788 145 599 44 192.168.43.32 00:aa:bb:86:59:42 march 788 145 599 44 192.168.19.12 00:aa:bb:86:30:23 april 788 145 599 44 192.168.166.29 00:aa:bb:85:89:43 april 788 145 599 44 192.168.191.60 00:aa:bb:85:86:45 may 788 145 599 44 192.168.133.14 00:aa:bb:85:55:27 april 788 145 599 44 192.168.19.18 00:aa:bb:85:53:75 april 788 145 599 44 192.168.19.13 00:aa:bb:84:76:48 april 788 145 599 44 192.168.19.10 00:aa:bb:84:55:20 april 788 145 599 44 192.168.19.27 00:aa:bb:83:76:87 april 788 145 599 44 192.168.22.37 00:aa:bb:83:67:95 march 788 145 599 44 192.168.167.10 00:aa:bb:83:64:69 may 788 145 599 44 192.168.167.13 00:aa:bb:82:90:21 may 788 145 599 44 192.168.159.15 00:aa:bb:82:57:26 may 788 145 599 44 192.168.194.33 00:aa:bb:82:54:57 april 788 145 599 44 192.168.18.6 00:aa:bb:81:52:46 may 788 145 599 44 192.168.194.23 00:aa:bb:81:24:97 april 788 145 599 44 192.168.166.40 00:aa:bb:81:18:33 april 788 145 599 44 192.168.43.40 00:aa:bb:80:84:32 march 788 145 599 44 IBM Detailed Vulnerability Summary Tenable Network Security 22 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 IP Address NetBIOS Name DNS Name MAC Address Repository OS CPE Total Med. High Crit. 192.168.167.28 00:aa:bb:80:83:58 may 788 145 599 44 192.168.19.9 00:aa:bb:80:51:86 april 788 145 599 44 192.168.89.53 00:aa:bb:80:38:31 april 788 145 599 44 192.168.167.15 00:aa:bb:79:94:84 may 788 145 599 44 192.168.167.22 00:aa:bb:78:89:85 may 788 145 599 44 192.168.188.26 00:aa:bb:78:67:59 march 788 145 599 44 192.168.22.43 00:aa:bb:78:37:58 march 788 145 599 44 192.168.191.70 00:aa:bb:77:78:25 may 788 145 599 44 192.168.159.17 00:aa:bb:76:87:71 may 788 145 599 44 192.168.43.52 00:aa:bb:76:74:27 march 788 145 599 44 192.168.18.10 00:aa:bb:76:48:22 may 788 145 599 44 192.168.18.9 00:aa:bb:76:35:43 may 788 145 599 44 192.168.194.37 00:aa:bb:76:25:97 april 788 145 599 44 192.168.166.33 00:aa:bb:74:86:73 april 788 145 599 44 192.168.22.26 00:aa:bb:74:77:74 march 788 145 599 44 192.168.19.30 00:aa:bb:74:49:41 april 788 145 599 44 192.168.22.28 00:aa:bb:74:27:15 march 788 145 599 44 192.168.43.41 00:aa:bb:74:13:18 march 788 145 599 44 192.168.147.31 00:aa:bb:73:57:12 march 788 145 599 44 192.168.194.20 00:aa:bb:73:55:34 april 788 145 599 44 192.168.133.5 00:aa:bb:73:40:53 april 788 145 599 44 192.168.22.19 00:aa:bb:72:95:39 march 788 145 599 44 192.168.18.14 00:aa:bb:72:74:10 may 788 145 599 44 192.168.167.18 00:aa:bb:72:73:96 may 788 145 599 44 192.168.167.20 00:aa:bb:72:57:70 may 788 145 599 44 192.168.18.12 00:aa:bb:72:43:22 may 788 145 599 44 192.168.22.23 00:aa:bb:72:37:42 march 788 145 599 44 192.168.167.23 00:aa:bb:71:72:78 may 788 145 599 44 192.168.133.11 00:aa:bb:71:26:40 april 788 145 599 44 192.168.133.15 00:aa:bb:71:22:71 april 788 145 599 44 IBM Detailed Vulnerability Summary Tenable Network Security 23 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 IP Address NetBIOS Name DNS Name MAC Address Repository OS CPE Total Med. High Crit. 192.168.133.12 00:aa:bb:71:20:12 april 788 145 599 44 192.168.167.12 00:aa:bb:70:89:30 may 788 145 599 44 192.168.43.35 00:aa:bb:70:44:39 march 788 145 599 44 192.168.22.46 00:aa:bb:70:37:62 march 788 145 599 44 192.168.159.10 00:aa:bb:70:28:67 may 788 145 599 44 192.168.166.25 00:aa:bb:70:18:64 april 788 145 599 44 192.168.19.29 00:aa:bb:70:15:84 april 788 145 599 44 192.168.151.18 00:aa:bb:70:12:64 may 788 145 599 44 192.168.43.44 00:aa:bb:69:62:41 march 788 145 599 44 192.168.151.19 00:aa:bb:69:53:95 may 788 145 599 44 192.168.194.36 00:aa:bb:69:27:12 april 788 145 599 44 192.168.194.43 00:aa:bb:69:25:70 april 788 145 599 44 192.168.18.11 00:aa:bb:68:85:38 may 788 145 599 44 192.168.89.47 00:aa:bb:68:57:34 april 788 145 599 44 192.168.147.10 00:aa:bb:68:51:96 march 788 145 599 44 Vulnerabilities Total Severity Plugin Name Family 270 Critical AIX 5.2 TL 9 / 5.2 TL 10 : devices.scsi.tape.diag (U808291) AIX Local Security Checks 270 Critical AIX 5.3 TL 5 / 5.3 TL 6 : devices.scsi.tape.diag (U809472) AIX Local Security Checks 270 Critical AIX 6.1 : bos.net.nfs.client (U823848) AIX Local Security Checks 270 Critical AIX 6.1 TL 1 : bos.net.nfs.client (U823931) AIX Local Security Checks 270 Critical AIX 6.1 TL 2 : bos.net.nfs.client (U824054) AIX Local Security Checks IBM Detailed Vulnerability Summary Tenable Network Security 24 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name Family 270 Critical AIX 5.3 TL 7 : bos.net.nfs.client (U825042) AIX Local Security Checks 270 Critical AIX 5.3 TL 8 : bos.net.nfs.client (U825103) AIX Local Security Checks 270 Critical AIX 5.3 TL 9 : bos.net.nfs.client (U825202) AIX Local Security Checks 270 Critical AIX 5.3 TL 9 : bos.net.nfs.client (U830259) AIX Local Security Checks 270 Critical AIX 5.3 TL 11 : bos.net.nfs.client (U832850) AIX Local Security Checks 270 Critical AIX 5.3 TL 10 : bos.net.nfs.client (U832864) AIX Local Security Checks 270 Critical AIX 6.1 TL 4 : bos.net.nfs.client (U833953) AIX Local Security Checks 270 Critical AIX 6.1 TL 2 : bos.net.nfs.client (U834083) AIX Local Security Checks 270 Critical AIX 6.1 TL 3 : bos.net.nfs.client (U834157) AIX Local Security Checks 270 Critical AIX 6.1 TL 5 : bos.net.nfs.client (U828006) AIX Local Security Checks 270 Critical AIX 5.3 TL 12 : bos.net.nfs.client (U830280) AIX Local Security Checks 270 Critical AIX 5.3 TL 11 : bos.net.tcp.client (U838020) AIX Local Security Checks 270 Critical AIX 5.3 TL 10 : bos.net.tcp.client (U838225) AIX Local Security Checks 270 Critical AIX 5.3 TL 12 : bos.net.tcp.client (U838600) AIX Local Security Checks 270 Critical IBM iSeries Default Password Misc. 270 Critical AIX 5.3 TL 12 : pcnfsd (IZ73590) AIX Local Security Checks 270 Critical AIX 6.1 TL 5 : pcnfsd (IZ73599) AIX Local Security Checks 270 Critical AIX 5.3 TL 11 : pcnfsd (IZ73681) AIX Local Security Checks 270 Critical AIX 5.3 TL 10 : pcnfsd (IZ73757) AIX Local Security Checks 270 Critical AIX 5.3 TL 9 : pcnfsd (IZ73874) AIX Local Security Checks IBM Detailed Vulnerability Summary Tenable Network Security 25 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name Family 270 Critical AIX 6.1 TL 4 : pcnfsd (IZ75369) AIX Local Security Checks 270 Critical AIX 6.1 TL 3 : pcnfsd (IZ75440) AIX Local Security Checks 270 Critical AIX 6.1 TL 2 : pcnfsd (IZ75465) AIX Local Security Checks 270 Critical AIX 5.3 TL 9 : ftpd (IZ83252) AIX Local Security Checks 270 Critical AIX 5.3 TL 10 : ftpd (IZ83274) AIX Local Security Checks 270 Critical AIX 5.3 TL 11 : ftpd (IZ83275) AIX Local Security Checks 270 Critical AIX 5.3 TL 12 : ftpd (IZ83276) AIX Local Security Checks 270 Critical AIX 5.3 TL 7 : cmsd (IZ61628) AIX Local Security Checks 270 Critical AIX 5.3 TL 9 : cmsd (IZ61717) AIX Local Security Checks 270 Critical AIX 5.3 TL 10 : cmsd (IZ62123) AIX Local Security Checks 270 Critical AIX 5.3 TL 8 : cmsd (IZ62237) AIX Local Security Checks 270 Critical AIX 6.1 TL 0 : cmsd (IZ62569) AIX Local Security Checks 270 Critical AIX 6.1 TL 1 : cmsd (IZ62570) AIX Local Security Checks 270 Critical AIX 6.1 TL 2 : cmsd (IZ62571) AIX Local Security Checks 270 Critical AIX 6.1 TL 3 : cmsd (IZ62572) AIX Local Security Checks 270 Critical AIX 5.2 TL 8 : bos.net.tcp.client (U499696) AIX Local Security Checks 270 Critical AIX 5.3 TL 4 : bos.net.tcp.client (U800638) AIX Local Security Checks 270 Critical AIX 5.2 TL 8 : bos.mh (U804205) AIX Local Security Checks 270 Critical AIX 5.3 TL 4 : bos.mh (U804407) AIX Local Security Checks AIX Local Security Checks 270 High AIX 5.3 TL 3 / 5.3 TL 4 : sysmgt.websm.apps (U802725) 270 High AIX 5.3 TL 5 / 5.3 TL 6 : bos.rte.methods (U807063) AIX Local Security Checks 270 High AIX 5.2 TL 9 / 5.2 TL 10 : bos.mh (U808256) AIX Local Security Checks 270 High AIX 5.2 TL 9 / 5.2 TL 10 : X11.apps.clients (U808260) AIX Local Security Checks 270 High AIX 5.2 TL 9 / 5.2 TL 10 : bos.rte.methods (U808278) AIX Local Security Checks IBM Detailed Vulnerability Summary Tenable Network Security 26 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name Family 270 High AIX 5.2 TL 9 / 5.2 TL 10 : bos.net.snapp (U808279) AIX Local Security Checks 270 High AIX 5.2 TL 9 / 5.2 TL 10 : bos.diag.rte (U808292) AIX Local Security Checks 270 High AIX 5.3 TL 5 / 5.3 TL 6 : X11.apps.clients (U809443) AIX Local Security Checks 270 High AIX 5.3 TL 5 / 5.3 TL 6 : bos.mh (U809446) AIX Local Security Checks 270 High AIX 5.3 TL 5 / 5.3 TL 6 : bos.acct (U809449) AIX Local Security Checks 270 High AIX 5.3 TL 5 / 5.3 TL 6 : bos.diag.rte (U809474) AIX Local Security Checks 270 High AIX 5.3 TL 5 / 5.3 TL 6 : bos.net.snapp (U809493) AIX Local Security Checks 270 High AIX 5.2 TL 10 : bos.rte.methods (U809782) AIX Local Security Checks 270 High AIX 5.3 TL 5 : infocenter.man.EN_US.commands AIX Local Security Checks (U809832) 270 High AIX 5.2 TL 9 / 5.2 TL 10 : bos.net.uucp (U810148) AIX Local Security Checks 270 High AIX 5.2 TL 9 / 5.2 TL 10 : bos.rte.control (U810151) AIX Local Security Checks 270 High AIX 5.2 TL 9 / 5.2 TL 10 : bos.rte.console (U810156) AIX Local Security Checks 270 High AIX 5.3 TL 5 / 5.3 TL 6 : bos.net.tcp.server (U810439) AIX Local Security Checks 270 High AIX 5.3 TL 5 / 5.3 TL 6 : bos.rte.control (U810464) AIX Local Security Checks 270 High AIX 5.3 TL 5 / 5.3 TL 6 : bos.net.uucp (U810478) AIX Local Security Checks 270 High AIX 5.3 TL 5 / 5.3 TL 6 : sysmgt.websm.framework (U810487) AIX Local Security Checks 270 High AIX 5.3 TL 5 / 5.3 TL 6 : bos.rte.console (U810489) AIX Local Security Checks IBM Detailed Vulnerability Summary Tenable Network Security 27 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name Family 270 High AIX 5.3 TL 7 : X11.fnt.fontServer (U811498) AIX Local Security Checks 270 High AIX 5.3 TL 7 : devices.scsi.tape.diag (U811499) AIX Local Security Checks 270 High AIX 5.3 TL 7 : AIX Local Security Checks devices.chrp.base.diag (U811504) 270 High AIX 5.3 TL 6 : bos.rte.odm (U811918) AIX Local Security Checks 270 High AIX 5.2 TL 10 : bos.svprint.rte (U812051) AIX Local Security Checks 270 High AIX 5.2 TL 10 : bos.rte.lvm (U812063) AIX Local Security Checks 270 High AIX 5.2 TL 10 : bos.net.tcp.client (U812065) AIX Local Security Checks 270 High AIX 5.2 TL 10 : bos.net.tcp.server (U812091) AIX Local Security Checks 270 High AIX 5.2 TL 10 : bos.rte.cron (U812104) AIX Local Security Checks 270 High AIX 5.3 TL 6 : devices.common.IBM.atm.rte (U812677) AIX Local Security Checks 270 High AIX 5.3 TL 6 : bos.net.nfs.cachefs (U812709) AIX Local Security Checks 270 High AIX 5.3 TL 6 : bos.net.tcp.server (U812718) AIX Local Security Checks 270 High AIX 5.3 TL 6 : bos.net.tcp.client (U812719) AIX Local Security Checks 270 High AIX 5.3 TL 6 : AIX Local Security Checks devices.chrp.base.diag (U813569) 270 High AIX 5.3 TL 6 : bos.rte.lvm (U813571) AIX Local Security Checks 270 High AIX 5.2 TL 10 : X11.fnt.fontServer (U814073) AIX Local Security Checks 270 High AIX 5.2 TL 10 : devices.scsi.tape.diag (U814076) AIX Local Security Checks IBM Detailed Vulnerability Summary Tenable Network Security 28 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name Family 270 High AIX 5.2 TL 10 : AIX Local Security Checks devices.chrp.base.diag (U814077) 270 High AIX 5.3 TL 6 : X11.fnt.fontServer (U814154) AIX Local Security Checks 270 High AIX 5.3 TL 6 : devices.scsi.tape.diag (U814156) AIX Local Security Checks 270 High AIX 5.2 TL 10 : bos.net.tcp.client (U814145) AIX Local Security Checks 270 High AIX 6.1 : devices.chrp.base.diag (U813685) AIX Local Security Checks 270 High AIX 6.1 : devices.scsi.tape.diag (U813895) AIX Local Security Checks 270 High AIX 6.1 : X11.fnt.fontServer (U813902) AIX Local Security Checks 270 High AIX 6.1 : X11.base.smt (U813903) AIX Local Security Checks 270 High AIX 6.1 : bos.net.nfs.client (U813913) AIX Local Security Checks 270 High AIX 6.1 : bos.net.tcp.client (U813914) AIX Local Security Checks 270 High AIX 6.1 : bos.wpars (U813930) AIX Local Security Checks 270 High AIX 6.1 : bos.rte.install (U813941) AIX Local Security Checks 270 High AIX 5.2 TL 10 : AIX Local Security Checks devices.chrp.base.diag (U805583) 270 High AIX 5.3 TL 6 : bos.net.uucp (U807711) AIX Local Security Checks 270 High AIX 5.2 TL 10 : bos.net.uucp (U807849) AIX Local Security Checks 270 High AIX 5.2 TL 10 : bos.rte.console (U809761) AIX Local Security Checks 270 High AIX 5.2 TL 10 : bos.perf.tools (U809775) AIX Local Security Checks IBM Detailed Vulnerability Summary Tenable Network Security 29 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Exploits Total Host Total Severity 270 270 Critical AIX 5.3 TL 9 : bos.net.nfs.client (U830259) Plugin Name 270 270 Critical AIX 5.3 TL 11 : bos.net.nfs.client (U832850) 270 270 Critical AIX 5.3 TL 10 : bos.net.nfs.client (U832864) 270 270 Critical AIX 6.1 TL 4 : bos.net.nfs.client (U833953) 270 270 Critical AIX 6.1 TL 2 : bos.net.nfs.client (U834083) 270 270 Critical AIX 6.1 TL 3 : bos.net.nfs.client (U834157) 270 270 Critical AIX 6.1 TL 5 : bos.net.nfs.client (U828006) 270 270 Critical AIX 5.3 TL 12 : bos.net.nfs.client (U830280) 270 270 Critical AIX 5.3 TL 11 : bos.net.tcp.client (U838020) 270 270 Critical AIX 5.3 TL 10 : bos.net.tcp.client (U838225) 270 270 Critical AIX 5.3 TL 12 : bos.net.tcp.client (U838600) 270 270 Critical IBM iSeries Default Password 270 270 Critical AIX 5.3 TL 7 : cmsd (IZ61628) 270 270 Critical AIX 5.3 TL 9 : cmsd (IZ61717) 270 270 Critical AIX 5.3 TL 10 : cmsd (IZ62123) 270 270 Critical AIX 5.3 TL 8 : cmsd (IZ62237) 270 270 Critical AIX 6.1 TL 0 : cmsd (IZ62569) 270 270 Critical AIX 6.1 TL 1 : cmsd (IZ62570) 270 270 Critical AIX 6.1 TL 2 : cmsd (IZ62571) 270 270 Critical AIX 6.1 TL 3 : cmsd (IZ62572) 270 270 High AIX 5.2 TL 10 : bos.rte.lvm (U812063) 270 270 High AIX 5.3 TL 6 : bos.rte.lvm (U813571) 270 270 High AIX 5.3 TL 6 : printers.rte (U814192) 270 270 High AIX 5.3 TL 7 : printers.rte (U815841) 270 270 High AIX 6.1 : printers.rte (U815329) 270 270 High AIX 5.2 TL 10 : printers.rte (U815029) 270 270 High AIX 5.2 TL 10 : X11.Dt.ToolTalk (U827247) 270 270 High AIX 6.1 TL 2 : X11.Dt.ToolTalk (U828317) 270 270 High AIX 6.1 TL 1 : X11.Dt.ToolTalk (U828561) IBM Detailed Vulnerability Summary Tenable Network Security 30 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Host Total Severity Plugin Name 270 270 High AIX 6.1 : X11.Dt.ToolTalk (U828611) 270 270 High AIX 5.3 TL 9 : X11.Dt.ToolTalk (U829416) 270 270 High AIX 5.3 TL 8 : X11.Dt.ToolTalk (U829533) 270 270 High AIX 5.3 TL 7 : X11.Dt.ToolTalk (U829609) 270 270 High AIX 6.1 TL 3 : X11.Dt.ToolTalk (U828448) 270 270 High AIX 5.3 TL 10 : X11.Dt.ToolTalk (U829313) 270 270 High AIX 5.3 TL 12 : bind9 (IV09491) 270 270 High AIX 6.1 TL 7 : bind9 (IV09978) 270 270 High AIX 6.1 TL 3 : sendmail (IZ72510) 270 270 High AIX 6.1 TL 2 : sendmail (IZ72515) 270 270 High AIX 6.1 TL 1 : sendmail (IZ72528) 270 270 High AIX 5.2 TL 0 : pioout (IZ10840) 270 270 High AIX 5.3 TL 0 : pioout (IZ10841) 270 270 High AIX 5.3 TL 7 : pioout (IZ10842) 270 270 High AIX 6.1 TL 0 : pioout (IZ10844) 270 270 High AIX 5.2 TL 0 : libtt (IZ52842) 270 270 High AIX 5.3 TL 0 : libtt (IZ52843) 270 270 High AIX 5.3 TL 7 : libtt (IZ52844) 270 270 High AIX 5.3 TL 8 : libtt (IZ52845) 270 270 High AIX 5.3 TL 9 : libtt (IZ52846) 270 270 High AIX 6.1 TL 0 : libtt (IZ52848) 270 270 High AIX 6.1 TL 1 : libtt (IZ52849) 270 270 High AIX 6.1 TL 2 : libtt (IZ52850) 270 270 High AIX 6.1 TL 3 : libtt (IZ52851) 270 270 Medium AIX 5.2 TL 10 : printers.rte (U814071) 270 270 Medium AIX 5.3 TL 8 : bos.net.tcp.client (U832257) 270 270 Medium AIX 5.3 TL 12 : bos.esagent (U837542) 270 270 Medium AIX 5.3 TL 11 : bos.esagent (U837665) 270 270 Medium AIX 5.3 TL 10 : bos.esagent (U837870) 270 270 Medium AIX 6.1 TL 4 : bos.esagent (U836745) IBM Detailed Vulnerability Summary Tenable Network Security 31 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Host Total Severity Plugin Name 270 270 Medium AIX 6.1 TL 3 : bos.esagent (U836962) 270 270 Medium AIX 6.1 TL 2 : bos.esagent (U837027) 270 270 Medium AIX 6.1 TL 5 : bos.esagent (U837109) 270 270 Medium AIX 6.1 TL 6 : bos.rte.security (U833130) 270 270 Medium AIX 5.3 TL 7 : bind (IZ56311) 270 270 Medium AIX 5.3 TL 8 : bind (IZ56312) 270 270 Medium AIX 5.3 TL 9 : bind (IZ56313) 270 270 Medium AIX 5.3 TL 10 : bind (IZ56314) 270 270 Medium AIX 6.1 TL 0 : bind (IZ56315) 270 270 Medium AIX 6.1 TL 1 : bind (IZ56316) 270 270 Medium AIX 6.1 TL 2 : bind (IZ56317) 270 270 Medium AIX 6.1 TL 3 : bind (IZ56318) 270 270 Medium AIX 5.3 TL 8 : xntpd (IZ68659) 270 270 Medium AIX 6.1 TL 4 : xntpd (IZ71071) 270 270 Medium AIX 5.3 TL 9 : xntpd (IZ71093) 270 270 Medium AIX 5.3 TL 10 : xntpd (IZ71608) 270 270 Medium AIX 5.3 TL 11 : xntpd (IZ71610) 270 270 Medium AIX 6.1 TL 1 : xntpd (IZ71611) 270 270 Medium AIX 6.1 TL 2 : xntpd (IZ71613) 270 270 Medium AIX 6.1 TL 3 : xntpd (IZ71614) 270 270 Medium AIX 5.3 TL 6 : printers.rte (U812659) IBM Detailed Vulnerability Summary Tenable Network Security 32 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Print Services Systems Vulnerabilities Exploits IBM Detailed Vulnerability Summary Tenable Network Security 33 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Security & Storage Systems Vulnerabilities Exploits IBM Detailed Vulnerability Summary Tenable Network Security 34 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Storage Systems Vulnerabilities Exploits IBM Detailed Vulnerability Summary Tenable Network Security 35 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Web Services Systems IP Address NetBIOS Name DNS Name MAC Address Repository OS CPE Total Med. High Crit. 192.168.194.27 00:aa:bb:98:94:92 april 96 57 20 19 192.168.45.49 00:aa:bb:98:92:87 may 96 57 20 19 192.168.166.35 00:aa:bb:98:87:47 april 96 57 20 19 192.168.222.53 00:aa:bb:98:85:28 april 96 57 20 19 192.168.93.31 00:aa:bb:98:71:89 may 96 57 20 19 192.168.45.46 00:aa:bb:98:58:86 may 96 57 20 19 192.168.8.39 00:aa:bb:98:36:76 march 96 57 20 19 192.168.23.41 00:aa:bb:98:35:29 april 96 57 20 19 192.168.213.53 00:aa:bb:98:33:25 march 96 57 20 19 192.168.93.34 00:aa:bb:98:29:75 may 96 57 20 19 192.168.68.39 00:aa:bb:98:29:21 may 96 57 20 19 192.168.17.34 00:aa:bb:98:28:51 march 96 57 20 19 00:aa:bb:98:17:22 april 96 57 20 19 192.168.133.19 192.168.78.61 UNKNOWN\testlab\ host61 host61.test.lab 00:aa:bb:97:78:94 may 96 57 20 19 192.168.153.30 UNKNOWN\testlab\ host30 host30.test.lab 00:aa:bb:97:69:38 may 96 57 20 19 192.168.62.37 00:aa:bb:97:60:52 april 96 57 20 19 192.168.68.38 00:aa:bb:97:54:98 may 96 57 20 19 192.168.19.24 00:aa:bb:97:51:21 april 96 57 20 19 192.168.68.50 00:aa:bb:97:44:19 may 96 57 20 19 192.168.133.8 00:aa:bb:97:38:74 april 96 57 20 19 192.168.62.43 00:aa:bb:97:37:25 april 96 57 20 19 192.168.195.36 00:aa:bb:97:16:45 march 96 57 20 19 192.168.147.30 00:aa:bb:97:11:62 march 96 57 20 19 IBM Detailed Vulnerability Summary Tenable Network Security 36 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 IP Address NetBIOS Name DNS Name MAC Address Repository OS CPE Total Med. High Crit. 192.168.157.46 00:aa:bb:97:10:23 march 96 57 20 19 192.168.22.42 00:aa:bb:96:97:73 march 96 57 20 19 192.168.105.50 00:aa:bb:96:96:32 may 96 57 20 19 192.168.222.54 00:aa:bb:96:94:92 april 96 57 20 19 192.168.45.52 00:aa:bb:96:89:47 may 96 57 20 19 192.168.153.41 UNKNOWN\testlab\ host41 host41.test.lab 00:aa:bb:96:78:74 may 96 57 20 19 192.168.17.47 UNKNOWN\testlab\ host47 host47.test.lab 00:aa:bb:96:76:90 march 96 57 20 19 192.168.213.44 00:aa:bb:96:45:92 march 96 57 20 19 192.168.151.9 00:aa:bb:96:37:57 may 96 57 20 19 192.168.96.11 00:aa:bb:96:36:11 may 96 57 20 19 192.168.89.46 00:aa:bb:96:35:64 april 96 57 20 19 192.168.29.58 00:aa:bb:96:29:75 april 96 57 20 19 192.168.103.38 00:aa:bb:96:20:92 april 96 57 20 19 192.168.166.22 00:aa:bb:95:81:84 april 96 57 20 19 192.168.194.44 00:aa:bb:95:59:67 april 96 57 20 19 192.168.17.32 00:aa:bb:95:54:86 march 96 57 20 19 00:aa:bb:95:53:21 may 96 57 20 19 192.168.213.32 00:aa:bb:95:41:61 march 96 57 20 19 192.168.17.30 00:aa:bb:95:19:57 march 96 57 20 19 192.168.166.24 00:aa:bb:95:18:78 april 96 57 20 19 00:aa:bb:94:97:35 may 96 57 20 19 00:aa:bb:94:84:19 april 96 57 20 19 192.168.85.51 00:aa:bb:94:80:85 april 96 57 20 19 192.168.68.53 00:aa:bb:94:78:27 may 96 57 20 19 192.168.22.24 00:aa:bb:94:76:70 march 96 57 20 19 192.168.151.13 00:aa:bb:94:68:31 may 96 57 20 19 192.168.159.13 00:aa:bb:94:67:25 may 96 57 20 19 192.168.153.18 UNKNOWN\testlab\ host18 host18.test.lab 192.168.191.46 192.168.222.81 UNKNOWN\testlab\ host81 host81.test.lab IBM Detailed Vulnerability Summary Tenable Network Security 37 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 IP Address NetBIOS Name DNS Name MAC Address Repository OS CPE Total Med. High Crit. 192.168.167.14 00:aa:bb:94:65:20 may 96 57 20 19 192.168.132.38 00:aa:bb:94:54:74 march 96 57 20 19 192.168.132.37 00:aa:bb:94:51:60 march 96 57 20 19 192.168.29.52 00:aa:bb:94:50:25 april 96 57 20 19 192.168.85.64 00:aa:bb:94:28:53 april 96 57 20 19 192.168.22.32 00:aa:bb:94:16:10 march 96 57 20 19 192.168.167.19 00:aa:bb:94:12:31 may 96 57 20 19 00:aa:bb:93:96:15 may 96 57 20 19 192.168.22.29 00:aa:bb:93:84:96 march 96 57 20 19 192.168.191.62 00:aa:bb:93:79:62 may 96 57 20 19 192.168.161.15 00:aa:bb:93:68:36 may 96 57 20 19 192.168.23.39 00:aa:bb:93:65:16 april 96 57 20 19 192.168.161.6 00:aa:bb:93:54:17 may 96 57 20 19 192.168.157.41 00:aa:bb:93:52:17 march 96 57 20 19 192.168.152.40 00:aa:bb:93:35:45 may 96 57 20 19 192.168.17.29 00:aa:bb:93:27:20 march 96 57 20 19 192.168.141.44 00:aa:bb:93:24:65 march 96 57 20 19 192.168.8.29 00:aa:bb:93:19:51 march 96 57 20 19 192.168.222.17 00:aa:bb:92:98:85 april 96 57 20 19 192.168.194.21 00:aa:bb:92:59:24 april 96 57 20 19 192.168.105.42 00:aa:bb:92:51:68 may 96 57 20 19 192.168.151.22 00:aa:bb:92:51:56 may 96 57 20 19 192.168.89.50 00:aa:bb:92:38:66 april 96 57 20 19 192.168.141.52 00:aa:bb:92:37:73 march 96 57 20 19 192.168.191.52 00:aa:bb:92:21:75 may 96 57 20 19 192.168.112.14 00:aa:bb:92:20:91 april 96 57 20 19 192.168.152.42 00:aa:bb:92:15:42 may 96 57 20 19 192.168.133.13 00:aa:bb:92:10:52 april 96 57 20 19 192.168.93.35 00:aa:bb:91:85:19 may 96 57 20 19 192.168.153.28 UNKNOWN\testlab\ host28 host28.test.lab IBM Detailed Vulnerability Summary Tenable Network Security 38 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 IP Address NetBIOS Name DNS Name MAC Address Repository OS CPE Total Med. High Crit. 192.168.19.14 00:aa:bb:91:82:98 april 96 57 20 19 192.168.130.51 00:aa:bb:91:23:47 march 96 57 20 19 192.168.96.13 00:aa:bb:91:11:81 may 96 57 20 19 192.168.8.40 00:aa:bb:90:96:11 march 96 57 20 19 192.168.191.48 00:aa:bb:90:82:87 may 96 57 20 19 192.168.166.30 00:aa:bb:90:79:96 april 96 57 20 19 192.168.132.33 00:aa:bb:90:67:91 march 96 57 20 19 192.168.141.54 00:aa:bb:90:67:77 march 96 57 20 19 192.168.85.53 00:aa:bb:90:65:22 april 96 57 20 19 192.168.43.36 00:aa:bb:90:62:65 march 96 57 20 19 192.168.8.42 00:aa:bb:90:28:28 march 96 57 20 19 192.168.167.24 00:aa:bb:90:21:63 may 96 57 20 19 192.168.191.59 00:aa:bb:90:18:62 may 96 57 20 19 00:aa:bb:89:69:54 april 96 57 20 19 192.168.8.35 00:aa:bb:89:61:80 march 96 57 20 19 192.168.45.44 00:aa:bb:89:48:34 may 96 57 20 19 192.168.85.68 00:aa:bb:89:30:60 april 96 57 20 19 192.168.96.5 00:aa:bb:89:30:25 may 96 57 20 19 192.168.105.51 00:aa:bb:89:21:67 may 96 57 20 19 192.168.17.37 00:aa:bb:89:15:67 march 96 57 20 19 192.168.89.51 00:aa:bb:88:97:28 april 96 57 20 19 192.168.222.79 UNKNOWN\testlab\ host79 host79.test.lab Vulnerabilities Total Severity Plugin Name Family 901 Critical IBM Tivoli Firewall Toolbox (TFST) Firewalls Unspecified Remote Overflow 901 Critical IBM Tivoli Provisioning Manager OS Deployment Multiple Web Servers IBM Detailed Vulnerability Summary Tenable Network Security 39 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name Family Unspecified Input Validation Vulnerabilities 901 Critical IBM Tivoli Provisioning Manager OS Deployment Multiple Stack Overflows Web Servers 901 Critical IBM Tivoli Storage Manager Multiple Remote Overflows Gain a shell remotely 901 Critical IBM Tivoli Storage Manager Client Multiple Vulnerabilities (swg21268775) Web Servers 901 Critical IBM Tivoli Storage Manager Express Backup Server service (dsmsvc.exe) Packet Handling Remote Overflow Windows 901 Critical IBM Tivoli Provisioning Manager OS Deployment < 5.1.0.3 Interim Fix 3 HTTP Server Logging Functionality Remote Overflow Web Servers 901 Critical IBM Tivoli Storage Manager Client Multiple Vulnerabilities (swg21405562) Gain a shell remotely 901 Critical IBM WebSphere Application Server 6.0 < 6.0.2.17 Multiple Vulnerabilities Web Servers 901 Critical IBM WebSphere Application Server 6.0 < 6.0.2.23 Unspecified Vulnerability (PK45726) Web Servers 901 Critical IBM WebSphere Application Server 6.0 < 6.0.2.25 Multiple Vulnerabilities Web Servers 901 Critical IBM WebSphere Application Server 6.1 < 6.1.0.7 Multiple Vulnerabilities Web Servers 901 Critical IBM WebSphere Application Server 6.1 < 6.1.0.13 Multiple Vulnerabilities Web Servers IBM Detailed Vulnerability Summary Tenable Network Security 40 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name Family 901 Critical IBM WebSphere Application Server 7.0 < Fix Pack 11 Multiple Vulnerabilities Web Servers 901 Critical IBM WebSphere Application Server 6.1 < 6.1.0.33 Multiple Vulnerabilities Web Servers 901 Critical IBM Tivoli Directory Server Windows Vulnerabilities (credentialed check) 901 Critical IBM Tivoli Directory Server SASL Bind Request Buffer Overflow (uncredentialed check) Gain a shell remotely 901 Critical IBM WebSphere Application Server 6.1 < 6.1.0.41 Multiple Vulnerabilities Web Servers 901 Critical WebSphere MQ Server < 6.0.2.7 / 7.0.1.0 Buffer Overflow Windows 901 High IBM WebSphere Application Server < 6.1.0.17 Multiple Vulnerabilities Web Servers 901 High IBM WebSphere Application Server 6.1 < Fix Pack 19 Multiple Flaws Web Servers 901 High IBM Tivoli Storage Manager HSM Client < 5.5.1.8 / 5.4.2.6 Windows 901 High IBM WebSphere Application Server < 6.0.2.33 Multiple Vulnerabilities Web Servers 901 High IBM WebSphere Application Server 7.0 < Fix Pack 3 Web Servers 901 High IBM WebSphere Application Server < 6.1.0.23 Multiple Flaws Web Servers 901 High IBM WebSphere Application Server 6.0 < 6.0.2.19 HTTP Response Splitting Web Servers 901 High IBM WebSphere Application Server 6.0 < 6.0.2.21 Multiple Vulnerabilities Web Servers IBM Detailed Vulnerability Summary Tenable Network Security 41 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name Family 901 High IBM WebSphere Application Server < 6.1.0.15 Multiple Vulnerabilities Web Servers 901 High IBM WebSphere Application Server 7.0 < Fix Pack 13 Multiple Vulnerabilities Web Servers 901 High IBM WebSphere Application Server 7.0 < Fix Pack 15 Multiple Vulnerabilities Web Servers 901 High IBM Tivoli Management Framework Endpoint addr URL Remote Buffer Overflow Web Servers 901 High IBM Tivoli Storage Manager Client Multiple Buffer Overflows (swg21457604) Windows 901 High IBM WebSphere Application Server 8.0 < Fix Pack 1 Multiple Vulnerabilities Web Servers 901 High IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 ActiveX RunAndUploadFile Method Boundary Error Remote Overflow Windows 901 High Tivoli Provisioning Manager Express for Software Distribution Multiple SQL Injections CGI abuses 901 High IBM WebSphere Portal Dojo Module URI Traversal Arbitrary File Access CGI abuses 901 High IBM WebSphere Portal Dojo Module Arbitrary File Download CGI abuses 901 High WebSphere MQ 7.0.1 < 7.0.1.9 Global Security Toolkit Vulnerabilities Windows 901 High WebSphere MQ 7.1 < 7.1.0.2 Multiple Vulnerabilities Windows IBM Detailed Vulnerability Summary Tenable Network Security 42 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name Family 901 Medium IBM HTTP Server on AS/400 Trailing Slash Source Code Disclosure CGI abuses 901 Medium IBM WebSphere Traversal Error Page XSS CGI abuses : XSS 901 Medium IBM WebSphere Edge Caching Proxy DoS Web Servers 901 Medium IBM WebSphere HTTP Request Header Remote Overflow Web Servers 901 Medium Tivoli Directory Server ldacgi.exe Template Parameter Traversal Arbitrary File Access CGI abuses 901 Medium IBM Tivoli Directory Server LDAP Packet Handling DoS Denial of Service 901 Medium IBM WebSphere Application Server '%20' Request Source Disclosure CGI abuses 901 Medium IBM WebSphere snoopservlet Path Disclosure CGI abuses 901 Medium IBM WebSphere Application Server SOAP Connector Error Page XSS CGI abuses : XSS 901 Medium IBM Tivoli Provisioning Manager for OS Deployment TFTPD Malformed PRQ Request DoS Windows 901 Medium IBM WebSphere Application Server navigateTree.do Multiple Vulnerabilities CGI abuses 901 Medium IBM WebSphere Application Server < 6.0.2.31 Multiple Vulnerabilities Web Servers 901 Medium IBM WebSphere Application Server 7.0 < Fix Pack 1 Web Servers 901 Medium IBM WebSphere Application Server 6.1 < Fix Pack 21 Multiple Flaws Web Servers IBM Detailed Vulnerability Summary Tenable Network Security 43 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name Family 901 Medium IBM WebSphere Application Server < 6.0.2.35 Multiple Vulnerabilities Web Servers 901 Medium IBM WebSphere Application Server < 6.1.0.25 Multiple Vulnerabilities Web Servers 901 Medium IBM WebSphere Application Server 7.0 < Fix Pack 5 Web Servers 901 Medium IBM WebSphere Application Server < 6.1.0.27 Multiple Vulnerabilities Web Servers 901 Medium IBM WebSphere Application Server 7.0 < Fix Pack 7 Web Servers 901 Medium IBM WebSphere Application Server 6.0 < 6.0.2.39 Multiple Vulnerabilities Web Servers 901 Medium IBM Multiple Products login.php Query String XSS CGI abuses : XSS 901 Medium IBM WebSphere Application Server 6.1 < 6.1.0.9 Cross-session Web Servers Information Disclosure 901 Medium IBM WebSphere Application Server 6.0 < 6.0.2.41 Multiple Vulnerabilities Web Servers 901 Medium IBM WebSphere Application Server 6.1 < 6.1.0.31 Multiple Vulnerabilities Web Servers 901 Medium IBM WebSphere Application Server 7.0 < Fix Pack 9 Web Servers 901 Medium IBM WebSphere Application Server 6.0 < 6.0.2.43 Multiple Vulnerabilities Web Servers 901 Medium IBM WebSphere Application Server 6.1 < 6.1.0.35 Multiple Vulnerabilities Web Servers IBM Detailed Vulnerability Summary Tenable Network Security 44 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity 901 Medium IBM WebSphere Application Server 6.1 < 6.1.0.37 Multiple Vulnerabilities Web Servers 901 Medium IBM Tivoli Management Framework Endpoint addr URL Default Credentials Web Servers 901 Medium IBM WebSphere Application Server 7.0 < Fix Pack 17 Multiple Vulnerabilities Web Servers 901 Medium IBM WebSphere Application Server 6.1 < 6.1.0.39 Multiple Vulnerabilities Web Servers 901 Medium IBM WebSphere Application Server 7.0 < Fix Pack 19 Multiple Vulnerabilities Web Servers 901 Medium IBM WebSphere Application Server < 6.1.0.29 Multiple Vulnerabilities Web Servers 901 Medium WebSphere MQ Client < 6.0.2.7 / 7.0.1.0 Buffer Overflow Windows 901 Medium IBM WebSphere Application Server Multiple Vulnerabilities Web Servers 901 Medium IBM WebSphere Application Server 6.1 < 6.1.0.43 Multiple Vulnerabilities Web Servers 901 Medium IBM WebSphere Application Server 7.0 < Fix Pack 21 Multiple Vulnerabilities Web Servers 901 Medium IBM WebSphere Application Server 8.0 < Fix Pack 2 Multiple Vulnerabilities Web Servers Medium IBM Tivoli Directory Server < 6.1.0.47 / 6.2.0.22 / 6.3.0.11 Multiple Vulnerabilities (credentialed check) Windows 901 Plugin Name Family IBM Detailed Vulnerability Summary Tenable Network Security 45 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name Family 901 Medium IBM Tivoli Directory Server Web Administration Tool Unspecified XSS CGI abuses : XSS 901 Medium IBM WebSphere Application Server 8.0 < Fix Pack 3 Multiple Vulnerabilities Web Servers 901 Medium IBM WebSphere Application Server 7.0 < Fix Pack 23 Multiple Vulnerabilities Web Servers 901 Medium IBM WebSphere Application Server 8.0 < Fix Pack 4 Multiple Vulnerabilities Web Servers 901 Medium WebSphere MQ 7.1 < 7.1.0.1 MQ SVRCONN Channels Security Configuration Bypass Windows 901 Medium IBM WebSphere Application Server 6.1 < Fix Pack 45 Multiple Vulnerabilities Web Servers 901 Medium IBM WebSphere Application Server 7.0 < Fix Pack 25 Multiple Vulnerabilities Web Servers 901 Medium IBM Tivoli Directory Server TLS NULL Cipher (uncredentialed check) General 901 Medium WebSphere MQ 6.x < 6.0.2.9 / 7.x < 7.0.1.1 'userid' and 'password' Information Disclosure Windows 901 Medium IBM WebSphere Application Server 8.5 < Fix Pack 1 Multiple Vulnerabilities Web Servers 901 Medium IBM WebSphere Application Server 7.0 < Fix Pack 27 Multiple Vulnerabilities Web Servers 901 Medium IBM WebSphere Application Server 8.0 < Fix Pack 5 Multiple Vulnerabilities Web Servers IBM Detailed Vulnerability Summary Tenable Network Security 46 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name Family 901 Medium IBM Tivoli Storage Manager Client 6.3 < 6.3.1.0 / 6.4 < 6.4.0.1 Unauthorized Access 901 Medium IBM Tivoli Storage Manager Client Windows Denial of Service 901 Medium IBM Tivoli Directory Server 6.2 < 6.2.0.29 / 6.3 < 6.3.0.21 SSL / TLS Windows Denial of Service 901 Medium IBM Tivoli Endpoint Manager Server < 8.2.1372 Multiple Vulnerabilities CGI abuses 901 Medium IBM WebSphere Application Server 8.0 < Fix Pack 6 Multiple Vulnerabilities Web Servers 901 Medium IBM WebSphere Application Server 8.5 < Fix Pack 2 Multiple Vulnerabilities Web Servers Windows Exploits Total Host Total Severity Plugin Name 901 901 Critical IBM Tivoli Provisioning Manager OS Deployment Multiple Unspecified Input Validation Vulnerabilities 901 901 Critical IBM Tivoli Provisioning Manager OS Deployment Multiple Stack Overflows 901 901 Critical IBM Tivoli Storage Manager Multiple Remote Overflows 901 901 Critical IBM Tivoli Storage Manager Client Multiple Vulnerabilities (swg21268775) 901 901 Critical IBM Tivoli Storage Manager Client Multiple Vulnerabilities (swg21405562) 901 901 Critical IBM WebSphere Application Server 6.0 < 6.0.2.17 Multiple Vulnerabilities IBM Detailed Vulnerability Summary Tenable Network Security 47 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Host Total Severity Plugin Name 901 901 Critical IBM WebSphere Application Server 6.0 < 6.0.2.25 Multiple Vulnerabilities 901 901 Critical IBM WebSphere Application Server 6.1 < 6.1.0.13 Multiple Vulnerabilities 901 901 Critical IBM Tivoli Directory Server Vulnerabilities (credentialed check) 901 901 Critical IBM Tivoli Directory Server SASL Bind Request Buffer Overflow (uncredentialed check) 901 901 Critical IBM WebSphere Application Server 6.1 < 6.1.0.41 Multiple Vulnerabilities 901 901 Critical WebSphere MQ Server < 6.0.2.7 / 7.0.1.0 Buffer Overflow 901 901 High IBM WebSphere Application Server < 6.0.2.33 Multiple Vulnerabilities 901 901 High IBM WebSphere Application Server 7.0 < Fix Pack 3 901 901 High IBM WebSphere Application Server < 6.1.0.23 Multiple Flaws 901 901 High IBM WebSphere Application Server 6.0 < 6.0.2.19 HTTP Response Splitting 901 901 High IBM WebSphere Application Server 7.0 < Fix Pack 13 Multiple Vulnerabilities 901 901 High IBM WebSphere Application Server 7.0 < Fix Pack 15 Multiple Vulnerabilities 901 901 High IBM Tivoli Management Framework Endpoint addr URL Remote Buffer Overflow 901 901 High IBM WebSphere Application Server 8.0 < Fix Pack 1 Multiple Vulnerabilities 901 901 High IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 ActiveX RunAndUploadFile Method Boundary Error Remote Overflow 901 901 High Tivoli Provisioning Manager Express for Software Distribution Multiple SQL Injections IBM Detailed Vulnerability Summary Tenable Network Security 48 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Host Total Severity Plugin Name 901 901 High IBM WebSphere Portal Dojo Module URI Traversal Arbitrary File Access 901 901 High IBM WebSphere Portal Dojo Module Arbitrary File Download 901 901 Medium IBM HTTP Server on AS/400 Trailing Slash Source Code Disclosure 901 901 Medium IBM WebSphere Edge Caching Proxy DoS 901 901 Medium Tivoli Directory Server ldacgi.exe Template Parameter Traversal Arbitrary File Access 901 901 Medium IBM Tivoli Directory Server LDAP Packet Handling DoS 901 901 Medium IBM WebSphere Application Server '%20' Request Source Disclosure 901 901 Medium IBM Tivoli Provisioning Manager for OS Deployment TFTPD Malformed PRQ Request DoS 901 901 Medium IBM WebSphere Application Server navigateTree.do Multiple Vulnerabilities 901 901 Medium IBM WebSphere Application Server 7.0 < Fix Pack 7 901 901 Medium IBM Multiple Products login.php Query String XSS 901 901 Medium IBM WebSphere Application Server 6.0 < 6.0.2.43 Multiple Vulnerabilities 901 901 Medium IBM WebSphere Application Server 6.1 < 6.1.0.35 Multiple Vulnerabilities 901 901 Medium IBM WebSphere Application Server 6.1 < 6.1.0.37 Multiple Vulnerabilities 901 901 Medium IBM Tivoli Management Framework Endpoint addr URL Default Credentials 901 901 Medium IBM WebSphere Application Server < 6.1.0.29 Multiple Vulnerabilities 901 901 Medium IBM WebSphere Application Server Multiple Vulnerabilities IBM Detailed Vulnerability Summary Tenable Network Security 49 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Host Total Severity Plugin Name 901 901 Medium IBM WebSphere Application Server 6.1 < 6.1.0.43 Multiple Vulnerabilities 901 901 Medium IBM Tivoli Directory Server < 6.1.0.47 / 6.2.0.22 / 6.3.0.11 Multiple Vulnerabilities (credentialed check) 901 901 Medium IBM Tivoli Directory Server Web Administration Tool Unspecified XSS 901 901 Medium IBM WebSphere Application Server 8.0 < Fix Pack 3 Multiple Vulnerabilities 901 901 Medium IBM WebSphere Application Server 7.0 < Fix Pack 23 Multiple Vulnerabilities 901 901 Medium IBM Tivoli Directory Server TLS NULL Cipher (uncredentialed check) 901 901 Medium IBM WebSphere Application Server 7.0 < Fix Pack 27 Multiple Vulnerabilities 901 901 Medium IBM WebSphere Application Server 8.0 < Fix Pack 5 Multiple Vulnerabilities 901 901 Medium IBM Tivoli Endpoint Manager Server < 8.2.1372 Multiple Vulnerabilities IBM Detailed Vulnerability Summary Tenable Network Security 50 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Web Technologies Systems Vulnerabilities Exploits IBM Detailed Vulnerability Summary Tenable Network Security 51 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 IBM Vulnerability Status at a Glance This chapter gives a quick status report on patching efforts. The number of critical, high, and medium vulnerabilities is displayed across three columns, as well as the number of days they have been detected. Represented are known vulnerabilities that have existed for: Over 30 Days, the Last 30 Days, or the Last 7 Days. IBM Vulnerability Status at a Glance Tenable Network Security 52 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Over 30 Days Total Severity Plugin Name 668 Critical IBM Tivoli Firewall Toolbox (TFST) Unspecified Remote Overflow 668 Critical IBM Tivoli Provisioning Manager OS Deployment Multiple Unspecified Input Validation Vulnerabilities 668 Critical IBM Tivoli Provisioning Manager OS Deployment Multiple Stack Overflows 668 Critical IBM Tivoli Storage Manager Multiple Remote Overflows 668 Critical IBM Tivoli Storage Manager Client Multiple Vulnerabilities (swg21268775) 668 Critical IBM Tivoli Storage Manager Express Backup Server service (dsmsvc.exe) Packet Handling Remote Overflow 668 Critical IBM Tivoli Provisioning Manager OS Deployment < 5.1.0.3 Interim Fix 3 HTTP Server Logging Functionality Remote Overflow 668 Critical IBM Tivoli Storage Manager Client Multiple Vulnerabilities (swg21405562) 668 Critical IBM WebSphere Application Server 6.0 < 6.0.2.17 Multiple Vulnerabilities 668 Critical IBM WebSphere Application Server 6.0 < 6.0.2.23 Unspecified Vulnerability (PK45726) 668 Critical IBM WebSphere Application Server 6.0 < 6.0.2.25 Multiple Vulnerabilities 668 Critical IBM WebSphere Application Server 6.1 < 6.1.0.7 Multiple Vulnerabilities 668 Critical IBM WebSphere Application Server 6.1 < 6.1.0.13 Multiple Vulnerabilities 668 Critical IBM WebSphere Application Server 7.0 < Fix Pack 11 Multiple Vulnerabilities 668 Critical IBM WebSphere Application Server 6.1 < 6.1.0.33 Multiple Vulnerabilities 668 Critical IBM Tivoli Directory Server Vulnerabilities (credentialed check) 668 Critical IBM Tivoli Directory Server SASL Bind Request Buffer Overflow (uncredentialed check) IBM Vulnerability Status at a Glance Tenable Network Security 53 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name 668 Critical IBM WebSphere Application Server 6.1 < 6.1.0.41 Multiple Vulnerabilities 668 Critical WebSphere MQ Server < 6.0.2.7 / 7.0.1.0 Buffer Overflow 654 Critical DB2 < 8 Fix Pack 7a Multiple Vulnerabilities 654 Critical DB2 < 9 Fix Pack 3 / 8 FixPak 15 Multiple Vulnerabilities 654 Critical DB2 < 9 Fix Pack 4 Multiple Vulnerabilities 654 Critical DB2 < 8.1 FixPak 16 Multiple Vulnerabilities 654 Critical DB2 < 9 Fix Pack 5 Multiple Vulnerabilities 654 Critical DB2 < 9.5 Fix Pack 1 Multiple Vulnerabilities 654 Critical DB2 8 < Fix Pack 17 Multiple Vulnerabilities 654 Critical DB2 9.5 < Fix Pack 6a Multiple Vulnerabilities 654 Critical DB2 9.1 < Fix Pack 10 Multiple Vulnerabilities 654 Critical DB2 9.5 < Fix Pack 7 Multiple Vulnerabilities 654 Critical DB2 Unsupported Version Detection 203 Critical IBM iSeries Default Password 674 High IBM InfoSphere Data Replication Dashboard Default Credentials 674 High IBM InfoSphere Data Replication Dashboard Unpassworded User Enumeration 668 High IBM WebSphere Application Server < 6.1.0.17 Multiple Vulnerabilities 668 High IBM WebSphere Application Server 6.1 < Fix Pack 19 Multiple Flaws 668 High IBM Tivoli Storage Manager HSM Client < 5.5.1.8 / 5.4.2.6 668 High IBM WebSphere Application Server < 6.0.2.33 Multiple Vulnerabilities 668 High IBM WebSphere Application Server 7.0 < Fix Pack 3 668 High IBM WebSphere Application Server < 6.1.0.23 Multiple Flaws 668 High IBM WebSphere Application Server 6.0 < 6.0.2.19 HTTP Response Splitting 668 High IBM WebSphere Application Server 6.0 < 6.0.2.21 Multiple Vulnerabilities IBM Vulnerability Status at a Glance Tenable Network Security 54 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name 668 High IBM WebSphere Application Server < 6.1.0.15 Multiple Vulnerabilities 668 High IBM WebSphere Application Server 7.0 < Fix Pack 13 Multiple Vulnerabilities 668 High IBM WebSphere Application Server 7.0 < Fix Pack 15 Multiple Vulnerabilities 668 High IBM Tivoli Management Framework Endpoint addr URL Remote Buffer Overflow 668 High IBM Tivoli Storage Manager Client Multiple Buffer Overflows (swg21457604) 668 High IBM WebSphere Application Server 8.0 < Fix Pack 1 Multiple Vulnerabilities 668 High IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 ActiveX RunAndUploadFile Method Boundary Error Remote Overflow 668 High Tivoli Provisioning Manager Express for Software Distribution Multiple SQL Injections 668 High IBM WebSphere Portal Dojo Module URI Traversal Arbitrary File Access 668 High IBM WebSphere Portal Dojo Module Arbitrary File Download 668 High WebSphere MQ 7.0.1 < 7.0.1.9 Global Security Toolkit Vulnerabilities 668 High WebSphere MQ 7.1 < 7.1.0.2 Multiple Vulnerabilities 654 High DB2 < 9 Fix Pack 2 Multiple Vulnerabilities 654 High DB2 9.5 < Fix Pack 2 Multiple Vulnerabilities 654 High DB2 9.1 < Fix Pack 6 Multiple Vulnerabilities 654 High DB2 9.7 < Fix Pack 6 Multiple Vulnerabilities 654 High DB2 9.1 < Fix Pack 12 Multiple Vulnerabilities 654 High DB2 10.1 < Fix Pack 1 Multiple Vulnerabilities 654 High DB2 9.5 < Fix Pack 10 Multiple Vulnerabilities 654 High DB2 9.7 < Fix Pack 7 Multiple Vulnerabilities 674 Medium Multiple Vendor RPC portmapper Access Restriction Bypass IBM Vulnerability Status at a Glance Tenable Network Security 55 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name 674 Medium IBM Informix Genero < 2.41 png_decompress_chunk Integer Overflow 674 Medium IBM InfoSphere Data Replication Dashboard User Enumeration 668 Medium IBM HTTP Server on AS/400 Trailing Slash Source Code Disclosure 668 Medium IBM WebSphere Traversal Error Page XSS 668 Medium IBM WebSphere Edge Caching Proxy DoS 668 Medium IBM WebSphere HTTP Request Header Remote Overflow 668 Medium Tivoli Directory Server ldacgi.exe Template Parameter Traversal Arbitrary File Access 668 Medium IBM Tivoli Directory Server LDAP Packet Handling DoS 668 Medium IBM WebSphere Application Server '%20' Request Source Disclosure 668 Medium IBM WebSphere snoopservlet Path Disclosure 668 Medium IBM WebSphere Application Server SOAP Connector Error Page XSS 668 Medium IBM Tivoli Provisioning Manager for OS Deployment TFTPD Malformed PRQ Request DoS 668 Medium IBM WebSphere Application Server navigateTree.do Multiple Vulnerabilities 668 Medium IBM WebSphere Application Server < 6.0.2.31 Multiple Vulnerabilities 668 Medium IBM WebSphere Application Server 7.0 < Fix Pack 1 668 Medium IBM WebSphere Application Server 6.1 < Fix Pack 21 Multiple Flaws 668 Medium IBM WebSphere Application Server < 6.0.2.35 Multiple Vulnerabilities 668 Medium IBM WebSphere Application Server < 6.1.0.25 Multiple Vulnerabilities 668 Medium IBM WebSphere Application Server 7.0 < Fix Pack 5 668 Medium IBM WebSphere Application Server < 6.1.0.27 Multiple Vulnerabilities 668 Medium IBM WebSphere Application Server 7.0 < Fix Pack 7 IBM Vulnerability Status at a Glance Tenable Network Security 56 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name 668 Medium IBM WebSphere Application Server 6.0 < 6.0.2.39 Multiple Vulnerabilities 668 Medium IBM Multiple Products login.php Query String XSS 668 Medium IBM WebSphere Application Server 6.1 < 6.1.0.9 Crosssession Information Disclosure 668 Medium IBM WebSphere Application Server 6.0 < 6.0.2.41 Multiple Vulnerabilities 668 Medium IBM WebSphere Application Server 6.1 < 6.1.0.31 Multiple Vulnerabilities 668 Medium IBM WebSphere Application Server 7.0 < Fix Pack 9 668 Medium IBM WebSphere Application Server 6.0 < 6.0.2.43 Multiple Vulnerabilities 668 Medium IBM WebSphere Application Server 6.1 < 6.1.0.35 Multiple Vulnerabilities 668 Medium IBM WebSphere Application Server 6.1 < 6.1.0.37 Multiple Vulnerabilities 668 Medium IBM Tivoli Management Framework Endpoint addr URL Default Credentials 668 Medium IBM WebSphere Application Server 7.0 < Fix Pack 17 Multiple Vulnerabilities 668 Medium IBM WebSphere Application Server 6.1 < 6.1.0.39 Multiple Vulnerabilities 668 Medium IBM WebSphere Application Server 7.0 < Fix Pack 19 Multiple Vulnerabilities 668 Medium IBM WebSphere Application Server < 6.1.0.29 Multiple Vulnerabilities 668 Medium WebSphere MQ Client < 6.0.2.7 / 7.0.1.0 Buffer Overflow 668 Medium IBM WebSphere Application Server Multiple Vulnerabilities 668 Medium IBM WebSphere Application Server 6.1 < 6.1.0.43 Multiple Vulnerabilities IBM Vulnerability Status at a Glance Tenable Network Security 57 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Within the last 30 days Total Severity 235 High DB2 < 9 Fix Pack 2 Multiple Vulnerabilities Plugin Name 235 High DB2 9.5 < Fix Pack 2 Multiple Vulnerabilities 235 High DB2 9.1 < Fix Pack 6 Multiple Vulnerabilities 235 High DB2 9.7 < Fix Pack 6 Multiple Vulnerabilities 235 High DB2 9.1 < Fix Pack 12 Multiple Vulnerabilities 235 High DB2 10.1 < Fix Pack 1 Multiple Vulnerabilities 235 High DB2 9.5 < Fix Pack 10 Multiple Vulnerabilities 235 High DB2 9.7 < Fix Pack 7 Multiple Vulnerabilities 233 High IBM WebSphere Application Server < 6.1.0.17 Multiple Vulnerabilities 233 High IBM WebSphere Application Server 6.1 < Fix Pack 19 Multiple Flaws 233 High IBM Tivoli Storage Manager HSM Client < 5.5.1.8 / 5.4.2.6 233 High IBM WebSphere Application Server < 6.0.2.33 Multiple Vulnerabilities 233 High IBM WebSphere Application Server 7.0 < Fix Pack 3 233 High IBM WebSphere Application Server < 6.1.0.23 Multiple Flaws 233 High IBM WebSphere Application Server 6.0 < 6.0.2.19 HTTP Response Splitting 233 High IBM WebSphere Application Server 6.0 < 6.0.2.21 Multiple Vulnerabilities 233 High IBM WebSphere Application Server < 6.1.0.15 Multiple Vulnerabilities 233 High IBM WebSphere Application Server 7.0 < Fix Pack 13 Multiple Vulnerabilities 233 High IBM WebSphere Application Server 7.0 < Fix Pack 15 Multiple Vulnerabilities 233 High IBM Tivoli Management Framework Endpoint addr URL Remote Buffer Overflow 233 High IBM Tivoli Storage Manager Client Multiple Buffer Overflows (swg21457604) IBM Vulnerability Status at a Glance Tenable Network Security 58 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name 233 High IBM WebSphere Application Server 8.0 < Fix Pack 1 Multiple Vulnerabilities 233 High IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 ActiveX RunAndUploadFile Method Boundary Error Remote Overflow 233 High Tivoli Provisioning Manager Express for Software Distribution Multiple SQL Injections 233 High IBM WebSphere Portal Dojo Module URI Traversal Arbitrary File Access 233 High IBM WebSphere Portal Dojo Module Arbitrary File Download 233 High WebSphere MQ 7.0.1 < 7.0.1.9 Global Security Toolkit Vulnerabilities 233 High WebSphere MQ 7.1 < 7.1.0.2 Multiple Vulnerabilities 221 High IBM InfoSphere Data Replication Dashboard Default Credentials 221 High IBM InfoSphere Data Replication Dashboard Unpassworded User Enumeration Total Severity 53 Medium IBM WebSphere Application Server 8.5 < Fix Pack 2 Multiple Vulnerabilities 53 Medium IBM WebSphere Application Server 8.0 < Fix Pack 6 Multiple Vulnerabilities 53 Medium IBM Tivoli Endpoint Manager Server < 8.2.1372 Multiple Vulnerabilities 53 Medium IBM Tivoli Directory Server 6.2 < 6.2.0.29 / 6.3 < 6.3.0.21 SSL / TLS Denial of Service 16 High Within the last 7 days Plugin Name IBM InfoSphere Data Replication Dashboard Unpassworded User Enumeration IBM Vulnerability Status at a Glance Tenable Network Security 59 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name 16 Medium 16 High IBM InfoSphere Data Replication Dashboard Default Credentials 53 Medium IBM Tivoli Storage Manager Client Denial of Service 53 Medium IBM Tivoli Storage Manager Client 6.3 < 6.3.1.0 / 6.4 < 6.4.0.1 Unauthorized Access 53 Medium IBM WebSphere Application Server 8.0 < Fix Pack 5 Multiple Vulnerabilities 16 Medium IBM Informix Genero < 2.41 png_decompress_chunk Integer Overflow 53 Medium IBM WebSphere Application Server 7.0 < Fix Pack 27 Multiple Vulnerabilities 53 High WebSphere MQ 7.1 < 7.1.0.2 Multiple Vulnerabilities 53 High WebSphere MQ 7.0.1 < 7.0.1.9 Global Security Toolkit Vulnerabilities 53 High IBM WebSphere Portal Dojo Module Arbitrary File Download 53 Medium IBM WebSphere Application Server 8.5 < Fix Pack 1 Multiple Vulnerabilities 53 Medium WebSphere MQ 6.x < 6.0.2.9 / 7.x < 7.0.1.1 'userid' and 'password' Information Disclosure 16 High DB2 9.7 < Fix Pack 7 Multiple Vulnerabilities 16 High DB2 9.5 < Fix Pack 10 Multiple Vulnerabilities 53 Medium IBM Tivoli Directory Server TLS NULL Cipher (uncredentialed check) 53 Medium IBM WebSphere Application Server 7.0 < Fix Pack 25 Multiple Vulnerabilities 53 Medium IBM WebSphere Application Server 6.1 < Fix Pack 45 Multiple Vulnerabilities 16 High 53 Medium IBM InfoSphere Data Replication Dashboard User Enumeration DB2 10.1 < Fix Pack 1 Multiple Vulnerabilities WebSphere MQ 7.1 < 7.1.0.1 MQ SVRCONN Channels Security Configuration Bypass IBM Vulnerability Status at a Glance Tenable Network Security 60 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name 53 High 53 Medium 16 High DB2 9.1 < Fix Pack 12 Multiple Vulnerabilities 16 Medium DB2 9.8 < Fix Pack 5 Multiple Vulnerabilities 16 High DB2 9.7 < Fix Pack 6 Multiple Vulnerabilities 53 Medium IBM WebSphere Application Server 7.0 < Fix Pack 23 Multiple Vulnerabilities 16 Medium DB2 9.1 < Fix Pack 11 Multiple Denial of Service Vulnerabilities 53 Medium IBM WebSphere Application Server 8.0 < Fix Pack 3 Multiple Vulnerabilities 53 Medium IBM Tivoli Directory Server Web Administration Tool Unspecified XSS 53 Medium IBM Tivoli Directory Server < 6.1.0.47 / 6.2.0.22 / 6.3.0.11 Multiple Vulnerabilities (credentialed check) 53 Medium IBM WebSphere Application Server 8.0 < Fix Pack 2 Multiple Vulnerabilities 53 Medium IBM WebSphere Application Server 7.0 < Fix Pack 21 Multiple Vulnerabilities 53 Medium IBM WebSphere Application Server 6.1 < 6.1.0.43 Multiple Vulnerabilities 53 High Tivoli Provisioning Manager Express for Software Distribution Multiple SQL Injections 53 High IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 ActiveX RunAndUploadFile Method Boundary Error Remote Overflow 16 Medium DB2 9.5 < Fix Pack 9 Multiple Vulnerabilities 53 Medium IBM WebSphere Application Server Multiple Vulnerabilities 53 Medium WebSphere MQ Client < 6.0.2.7 / 7.0.1.0 Buffer Overflow 53 Critical WebSphere MQ Server < 6.0.2.7 / 7.0.1.0 Buffer Overflow 53 Critical IBM WebSphere Application Server 6.1 < 6.1.0.41 Multiple Vulnerabilities IBM WebSphere Portal Dojo Module URI Traversal Arbitrary File Access IBM WebSphere Application Server 8.0 < Fix Pack 4 Multiple Vulnerabilities IBM Vulnerability Status at a Glance Tenable Network Security 61 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name 16 Medium DB2 9.7 < Fix Pack 5 Multiple Denial of Service Vulnerabilities 53 Medium IBM WebSphere Application Server < 6.1.0.29 Multiple Vulnerabilities 53 High IBM WebSphere Application Server 8.0 < Fix Pack 1 Multiple Vulnerabilities 53 Medium IBM WebSphere Application Server 7.0 < Fix Pack 19 Multiple Vulnerabilities 16 Critical DB2 Unsupported Version Detection 53 Medium IBM WebSphere Application Server 6.1 < 6.1.0.39 Multiple Vulnerabilities 53 High 53 Medium IBM WebSphere Application Server 7.0 < Fix Pack 17 Multiple Vulnerabilities 53 Medium IBM Tivoli Management Framework Endpoint addr URL Default Credentials 53 Critical IBM Tivoli Directory Server SASL Bind Request Buffer Overflow (uncredentialed check) 53 High 16 Medium Multiple Vendor RPC portmapper Access Restriction Bypass 53 Critical IBM Tivoli Directory Server Vulnerabilities (credentialed check) 16 Medium DB2 9.7 < Fix Pack 4 Multiple Vulnerabilities 53 Medium IBM WebSphere Application Server 6.1 < 6.1.0.37 Multiple Vulnerabilities 53 High 16 Critical DB2 9.5 < Fix Pack 7 Multiple Vulnerabilities 16 Critical DB2 9.1 < Fix Pack 10 Multiple Vulnerabilities 53 Medium IBM WebSphere Application Server 6.1 < 6.1.0.35 Multiple Vulnerabilities IBM Tivoli Storage Manager Client Multiple Buffer Overflows (swg21457604) IBM Tivoli Management Framework Endpoint addr URL Remote Buffer Overflow IBM WebSphere Application Server 7.0 < Fix Pack 15 Multiple Vulnerabilities IBM Vulnerability Status at a Glance Tenable Network Security 62 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name 53 High 16 Medium DB2 9.7 < Fix Pack 3 Multiple Vulnerabilities 53 Critical IBM WebSphere Application Server 6.1 < 6.1.0.33 Multiple Vulnerabilities 53 Medium IBM WebSphere Application Server 6.0 < 6.0.2.43 Multiple Vulnerabilities 16 Critical DB2 9.5 < Fix Pack 6a Multiple Vulnerabilities 53 Critical IBM WebSphere Application Server 7.0 < Fix Pack 11 Multiple Vulnerabilities 16 Medium DB2 9.7 < Fix Pack 2 Multiple Vulnerabilities 16 Medium DB2 9.1 < Fix Pack 9 Multiple Vulnerabilities 53 Medium IBM WebSphere Application Server 7.0 < Fix Pack 9 53 Medium IBM WebSphere Application Server 6.1 < 6.1.0.31 Multiple Vulnerabilities 53 Medium IBM WebSphere Application Server 6.0 < 6.0.2.41 Multiple Vulnerabilities 53 Critical IBM WebSphere Application Server 6.1 < 6.1.0.13 Multiple Vulnerabilities 53 High 53 Medium IBM WebSphere Application Server 6.1 < 6.1.0.9 Crosssession Information Disclosure 53 Critical IBM WebSphere Application Server 6.1 < 6.1.0.7 Multiple Vulnerabilities 53 Critical IBM WebSphere Application Server 6.0 < 6.0.2.25 Multiple Vulnerabilities 53 Critical IBM WebSphere Application Server 6.0 < 6.0.2.23 Unspecified Vulnerability (PK45726) 53 High IBM WebSphere Application Server 6.0 < 6.0.2.21 Multiple Vulnerabilities 53 High IBM WebSphere Application Server 6.0 < 6.0.2.19 HTTP Response Splitting IBM WebSphere Application Server 7.0 < Fix Pack 13 Multiple Vulnerabilities IBM WebSphere Application Server < 6.1.0.15 Multiple Vulnerabilities IBM Vulnerability Status at a Glance Tenable Network Security 63 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name 53 Critical IBM WebSphere Application Server 6.0 < 6.0.2.17 Multiple Vulnerabilities 53 Medium IBM Multiple Products login.php Query String XSS 53 Medium IBM WebSphere Application Server 6.0 < 6.0.2.39 Multiple Vulnerabilities 16 Medium DB2 9.5 < Fix Pack 5 Unspecified Vulnerabilities 53 Critical IBM Tivoli Storage Manager Client Multiple Vulnerabilities (swg21405562) 53 Medium IBM WebSphere Application Server 7.0 < Fix Pack 7 16 Medium DB2 9.1 < Fix Pack 8 Multiple Vulnerabilities 53 Medium IBM WebSphere Application Server < 6.1.0.27 Multiple Vulnerabilities 53 Medium IBM WebSphere Application Server 7.0 < Fix Pack 5 16 Medium DB2 8.1 < Fix Pack 18 Multiple Vulnerabilities 53 Medium IBM WebSphere Application Server < 6.1.0.25 Multiple Vulnerabilities 16 Medium DB2 < 9.5 Fix Pack 4 Multiple Vulnerabilities 53 Medium IBM WebSphere Application Server < 6.0.2.35 Multiple Vulnerabilities 16 Medium DB2 9.1 < Fix Pack 7 Multiple Vulnerabilities 53 High IBM WebSphere Application Server < 6.1.0.23 Multiple Flaws 53 High IBM WebSphere Application Server 7.0 < Fix Pack 3 53 High IBM WebSphere Application Server < 6.0.2.33 Multiple Vulnerabilities 53 High IBM Tivoli Storage Manager HSM Client < 5.5.1.8 / 5.4.2.6 IBM Vulnerability Status at a Glance Tenable Network Security 64 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 IBM Critical Vulnerability Information This chapter reports the most critical vulnerabilities for a fast readable reference to the most significant concerns. IBM Critical Vulnerability Information Tenable Network Security 65 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Criticals at a Glance Total Severity 270 Critical IBM iSeries Default Password Plugin Name 901 Critical WebSphere MQ Server < 6.0.2.7 / 7.0.1.0 Buffer Overflow 901 Critical IBM WebSphere Application Server 6.1 < 6.1.0.41 Multiple Vulnerabilities 889 Critical DB2 Unsupported Version Detection 901 Critical IBM Tivoli Directory Server SASL Bind Request Buffer Overflow (uncredentialed check) 901 Critical IBM Tivoli Directory Server Vulnerabilities (credentialed check) 889 Critical DB2 9.5 < Fix Pack 7 Multiple Vulnerabilities 889 Critical DB2 9.1 < Fix Pack 10 Multiple Vulnerabilities 901 Critical IBM WebSphere Application Server 6.1 < 6.1.0.33 Multiple Vulnerabilities 889 Critical DB2 9.5 < Fix Pack 6a Multiple Vulnerabilities 901 Critical IBM WebSphere Application Server 7.0 < Fix Pack 11 Multiple Vulnerabilities 901 Critical IBM WebSphere Application Server 6.1 < 6.1.0.13 Multiple Vulnerabilities 901 Critical IBM WebSphere Application Server 6.1 < 6.1.0.7 Multiple Vulnerabilities 901 Critical IBM WebSphere Application Server 6.0 < 6.0.2.25 Multiple Vulnerabilities 901 Critical IBM WebSphere Application Server 6.0 < 6.0.2.23 Unspecified Vulnerability (PK45726) 901 Critical IBM WebSphere Application Server 6.0 < 6.0.2.17 Multiple Vulnerabilities 901 Critical IBM Tivoli Storage Manager Client Multiple Vulnerabilities (swg21405562) 889 Critical DB2 8 < Fix Pack 17 Multiple Vulnerabilities 889 Critical DB2 < 9.5 Fix Pack 1 Multiple Vulnerabilities 889 Critical DB2 < 9 Fix Pack 5 Multiple Vulnerabilities IBM Critical Vulnerability Information Tenable Network Security 66 IBM Software Vulnerabilities SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2013 Total Severity Plugin Name 901 Critical IBM Tivoli Provisioning Manager OS Deployment < 5.1.0.3 Interim Fix 3 HTTP Server Logging Functionality Remote Overflow 889 Critical DB2 < 8.1 FixPak 16 Multiple Vulnerabilities 901 Critical IBM Tivoli Storage Manager Express Backup Server service (dsmsvc.exe) Packet Handling Remote Overflow 889 Critical DB2 < 9 Fix Pack 4 Multiple Vulnerabilities 901 Critical IBM Tivoli Storage Manager Client Multiple Vulnerabilities (swg21268775) 889 Critical DB2 < 9 Fix Pack 3 / 8 FixPak 15 Multiple Vulnerabilities 901 Critical IBM Tivoli Storage Manager Multiple Remote Overflows 901 Critical IBM Tivoli Provisioning Manager OS Deployment Multiple Stack Overflows 901 Critical IBM Tivoli Provisioning Manager OS Deployment Multiple Unspecified Input Validation Vulnerabilities 889 Critical DB2 < 8 Fix Pack 7a Multiple Vulnerabilities 901 Critical IBM Tivoli Firewall Toolbox (TFST) Unspecified Remote Overflow IBM Critical Vulnerability Information Tenable Network Security 67
