Vulnerability Details CVE-2014-9768
IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. NOTE: the vendor's perspective is that configuration and use of available security controls in the NVAS product mitigates the reported vulnerability
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- http://www.irongeek.com/i.php?page=videos/derbycon4/t217-hacking-mainframes-vulnerabilities-in-applications-exposed-over-tn3270-dominic-white
- https://vimeo.com/96718889
- http://www.irongeek.com/i.php?page=videos/derbycon4/t217-hacking-mainframes-vulnerabilities-in-applications-exposed-over-tn3270-dominic-white
- https://vimeo.com/96718889
Products affected by CVE-2014-9768
-
cpe:2.3:a:ibm:tivoli_netview_access_services:-