CVE-2014-9768
https://notcve.org/view.php?id=CVE-2014-9768
IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. NOTE: the vendor's perspective is that configuration and use of available security controls in the NVAS product mitigates the reported vulnerability ** DISPUTADA ** IBM Tivoli NetView Access Services (NVAS) permite a usuarios remotos autenticados obtener privilegios introduciendo un comando ADM y modificando un campo "page ID" en el código de transacción EMSPG2. NOTA: la perspectiva del fabricante es que la configuración y uso de los controles de seguridad disponibles en el producto NVAS mitiga la vulnerabilidad reportada. • http://www.irongeek.com/i.php?page=videos/derbycon4/t217-hacking-mainframes-vulnerabilities-in-applications-exposed-over-tn3270-dominic-white https://vimeo.com/96718889 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-5951
https://notcve.org/view.php?id=CVE-2012-5951
Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level. Una vulnerabilidad no especificada en IBM Tivoli NetView v1.4, v5.1 a v5.4 y v6.1 en z/OS permite a usuarios locales obtener privilegios aprovechándose de su acceso al nivel de seguridad "normal" de Unix System Services (USS). • http://www-01.ibm.com/support/docview.wss?uid=swg1OA41059 http://www-01.ibm.com/support/docview.wss?uid=swg1OA41060 http://www-01.ibm.com/support/docview.wss?uid=swg1OA41061 http://www.ibm.com/support/docview.wss?uid=swg21621163 http://www.securitytracker.com/id? • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2001-0552 – IBM Tivoli NetView 5/6 - OVActionD SNMPNotify Command Execution
https://notcve.org/view.php?id=CVE-2001-0552
ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap message. • https://www.exploit-db.com/exploits/20909 http://marc.info/?l=bugtraq&m=99201278704545&w=2 http://www.cert.org/advisories/CA-2001-24.html http://www.kb.cert.org/vuls/id/952171 http://www.securityfocus.com/bid/2845 •