Unrated severityNVD Advisory· Published Dec 19, 2008· Updated Jun 16, 2026
CVE-2008-5686
CVE-2008-5686
Description
IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows.
Affected products
5cpe:2.3:a:ibm:tivoli_provisioning_manager:5.1:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:ibm:tivoli_provisioning_manager:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_provisioning_manager:5.1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_provisioning_manager:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_provisioning_manager:5.1.1.1:*:*:*:*:*:*:*
- (no CPE)range: <5.1.1.1 IF0006
Patches
Vulnerability mechanics
References
5- www-01.ibm.com/support/docview.wssnvdPatchVendor Advisory
- secunia.com/advisories/33143nvdVendor Advisory
- securitytracker.com/idnvd
- www.securityfocus.com/bid/32824nvd
- www.vupen.com/english/advisories/2008/3432nvd
News mentions
0No linked articles in our index yet.