Privilege Escalation in IBM Tivoli NetView Access Services (NVAS)

Privilege Escalation in IBM Tivoli NetView Access Services (NVAS)

CVE-2014-9768 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. NOTE: the vendor's perspective is that configuration and use of available security controls in the NVAS product mitigates the reported vulnerability

Learn more about our User Device Pen Test.