IBM Tivoli Netcool/Webtop Multiple Security Bypass Vulnerabilities
Title : IBM Tivoli Netcool/Webtop Multiple Security Bypass Vulnerabilities
VUPEN ID : VUPEN/ADV-2008-2690
CVE ID : CVE-2007-5333 - CVE-2008-4294
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-09-29
Technical Description
Two vulnerabilities have been identified in IBM Tivoli Netcool/Webtop, which could be exploited by remote attackers to bypass security restrictions.
The first issue is caused by an error that occurs when a user logs into Webtop as root, logs out, and then, without closing the browser, logs back in as a user with read-only privileges. The read-only user is then allowed to have root privileges.
The second vulnerability is caused by an error in Tomcat. For additional information, see VUPEN/ADV-2008-0488.