CVE-2011-1220

IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, 4.3.1 - Authenticated Stack-Based Buffer Overflow via Long opts Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-1220. PoCs published by Metasploit, bannedit, including Metasploit module exploits/windows/http/ibm_tivoli_endpoint_bof.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in IBM Tivoli Endpoint Manager by sending a crafted HTTP POST request to port 9495. It bypasses authentication using hardcoded credentials (tivoli/boss) and targets Windows Server 2003 systems.

Description

Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts field.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/17392

This Metasploit module exploits a stack-based buffer overflow in IBM Tivoli Endpoint Manager by sending a crafted HTTP POST request to port 9495. It bypasses authentication using hardcoded credentials (tivoli/boss) and targets Windows Server 2003 systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: IBM Tivoli Endpoint Manager versions 3.7.1, 4.1, 4.1.1, 4.3.1
Auth required
Prerequisites: Network access to TCP port 9495 · Target system running vulnerable IBM Tivoli Endpoint Manager version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by bannedit · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/ibm_tivoli_endpoint_bof.rb

This Metasploit module exploits a stack-based buffer overflow in IBM Tivoli Endpoint Manager by sending a crafted HTTP POST request to port 9495, leveraging a hardcoded account (tivoli/boss) for authentication. The exploit targets specific Windows Server 2003 versions and delivers a payload to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: IBM Tivoli Endpoint Manager versions 3.7.1, 4.1, 4.1.1, 4.3.1
Auth required
Prerequisites: Network access to TCP port 9495 · IBM Tivoli Endpoint Manager vulnerable version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/67631
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44628
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8268
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1025581
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21499146
Various Sources vendor-advisory x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=swg1IZ90238
Third Party Advisory x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-11-169/
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/518199/100/0/threaded

Scores

EPSS 0.6266
EPSS Percentile 99.1%

Details

CWE
CWE-119
Status published
Products (4)
ibm/tivoli_management_framework 3.7.1
ibm/tivoli_management_framework 4.1
ibm/tivoli_management_framework 4.1.1
ibm/tivoli_management_framework 4.3.1
Published Jun 02, 2011
Tracked Since Feb 18, 2026