CVE-2014-9768

** DISPUTED ** IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. NOTE: the vendor’s perspective is that configuration and use of available security controls in the NVAS product mitigates the reported vulnerability.

Date published : 2016-03-18

http://www.irongeek.com/i.php?page=videos/derbycon4/t217-hacking-mainframes-vulnerabilities-in-applications-exposed-over-tn3270-dominic-white