58 vulnerabilities found for tivoli_monitoring by ibm
CVE-2025-3356 (GCVE-0-2025-3356)
Vulnerability from nvd – Published: 2025-10-30 19:22 – Updated: 2025-10-30 19:41
Title
IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view, overwrite, or append to arbitrary files on the system.
Severity ?
8.6 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7249694 | vendor-advisory, patch |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring | Affected: from 6.3.0.7 through 6.3.0.7 Service Pack 21, inclusive (semver)<br>`cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*`<br>`cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:*` |
Credits
Aleksandr Tlyapov
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T19:38:43.818984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:41:12.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.3.0.7 Service Pack 21",
"status": "affected",
"version": "6.3.0.7",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aleksandr Tlyapov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \u0026quot;dot dot\u0026quot; sequences (/../) to view, overwrite, or append to arbitrary files on the system.\u003c/p\u003e"
}
],
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view, overwrite, or append to arbitrary files on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:22:37.371Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7249694"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM strongly recommends addressing the vulnerability by following the steps provided in the following technote: Remediation of CVE-2025-3355 and CVE-2025-3356\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM strongly recommends addressing the vulnerability by following the steps provided in the following technote: Remediation of CVE-2025-3355 and CVE-2025-3356"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3356",
"datePublished": "2025-10-30T19:22:37.371Z",
"dateReserved": "2025-04-06T21:05:59.220Z",
"dateUpdated": "2025-10-30T19:41:12.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3355 (GCVE-0-2025-3355)
Vulnerability from nvd – Published: 2025-10-30 19:21 – Updated: 2025-10-30 19:51
Title
IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7249694 | vendor-advisory, patch |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring | Affected: from 6.3.0.7 through 6.3.0.7 Service Pack 21, inclusive (semver)<br>`cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*`<br>`cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:*` |
Credits
Aleksandr Tlyapov
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T19:49:59.308067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:51:08.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.3.0.7 Service Pack 21",
"status": "affected",
"version": "6.3.0.7",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aleksandr Tlyapov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \u0026quot;dot dot\u0026quot; sequences (/../) to view arbitrary files on the system.\u003c/p\u003e"
}
],
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:21:42.496Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7249694"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM strongly recommends addressing the vulnerability by following the steps provided in the following technote: Remediation of CVE-2025-3355 and CVE-2025-3356\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM strongly recommends addressing the vulnerability by following the steps provided in the following technote: Remediation of CVE-2025-3355 and CVE-2025-3356"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3355",
"datePublished": "2025-10-30T19:21:42.496Z",
"dateReserved": "2025-04-06T21:02:26.939Z",
"dateUpdated": "2025-10-30T19:51:08.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3354 (GCVE-0-2025-3354)
Vulnerability from nvd – Published: 2025-08-06 13:50 – Updated: 2025-08-07 03:55
Title
IBM Tivoli Monitoring code execution
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
Severity ?
8.1 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7241472 | vendor-advisory, patch |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring | Affected: from 6.3.0.7 through 6.3.0.7 SP20, inclusive (semver)<br>`cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*`<br>`cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_20:*:*:*:*:*:*` |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T03:55:21.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_20:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.3.0.7 SP20",
"status": "affected",
"version": "6.3.0.7",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash."
}
],
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T13:50:06.240Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7241472"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0021\u003cbr\u003e\u003cbr\u003e6.3.0.7-TIV-ITM-SP0021 6.3.0.7 IBM Tivoli Monitoring Service Pack 6.3.0.7-TIV-ITM-SP0021\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0021\n\n6.3.0.7-TIV-ITM-SP0021 6.3.0.7 IBM Tivoli Monitoring Service Pack 6.3.0.7-TIV-ITM-SP0021"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Monitoring code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3354",
"datePublished": "2025-08-06T13:50:06.240Z",
"dateReserved": "2025-04-06T20:57:16.315Z",
"dateUpdated": "2025-08-07T03:55:21.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3320 (GCVE-0-2025-3320)
Vulnerability from nvd – Published: 2025-08-06 13:49 – Updated: 2025-08-07 03:55
Title
IBM Tivoli Monitoring code execution
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
Severity ?
8.1 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7241472 | vendor-advisory, patch |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring | Affected: from 6.3.0.7 through 6.3.0.7 SP20, inclusive (semver)<br>`cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*`<br>`cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_20:*:*:*:*:*:*` |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T03:55:20.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_20:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.3.0.7 SP20",
"status": "affected",
"version": "6.3.0.7",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash."
}
],
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T13:49:35.970Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7241472"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0021\u003cbr\u003e\u003cbr\u003e6.3.0.7-TIV-ITM-SP0021 6.3.0.7 IBM Tivoli Monitoring Service Pack 6.3.0.7-TIV-ITM-SP0021\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0021\n\n6.3.0.7-TIV-ITM-SP0021 6.3.0.7 IBM Tivoli Monitoring Service Pack 6.3.0.7-TIV-ITM-SP0021"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Monitoring code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3320",
"datePublished": "2025-08-06T13:49:35.970Z",
"dateReserved": "2025-04-05T13:35:40.648Z",
"dateUpdated": "2025-08-07T03:55:20.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3357 (GCVE-0-2025-3357)
Vulnerability from nvd – Published: 2025-05-28 14:51 – Updated: 2025-08-26 14:56
Title
IBM Tivoli Monitoring code execution
Summary
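IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array. Note: the structured version range and CPE in this record give Service Pack 15 as the upper bound, which conflicts with the Service Pack 19 stated here; because the listed fix is 6.3.0.7-SP0020, it is safer to treat every service pack below SP20 as affected and not to rely on the SP15 bound for automated matching.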
Severity ?
9.8 (Critical)
CWE
- CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input
Assigner
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7234923 | vendor-advisory, patch |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring | Affected: from 6.3.0.7 through 6.3.0.7 SP15, inclusive (semver)<br>`cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*`<br>`cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_15:*:*:*:*:*:*` |
Credits
Aleksandr Tlyapov
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T03:55:49.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_15:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.3.0.7 SP15",
"status": "affected",
"version": "6.3.0.7",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aleksandr Tlyapov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19\u0026nbsp;could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array."
}
],
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19\u00a0could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1285",
"description": "CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T14:56:28.301Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7234923"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0020\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0020"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Monitoring code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3357",
"datePublished": "2025-05-28T14:51:29.649Z",
"dateReserved": "2025-04-06T21:14:20.726Z",
"dateUpdated": "2025-08-26T14:56:28.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4311 (GCVE-0-2020-4311)
Vulnerability from nvd – Published: 2020-04-23 13:10 – Updated: 2024-09-16 18:59
Summary
IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083.
Severity ?
CWE
- Gain Privileges
Assigner
References
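| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6198358 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/177083 | vdb-entry, x_refsource_XF |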
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring | Affected: 6.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:06.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6198358"
},
{
"name": "ibm-tivoli-cve20204311-code-exec (177083)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177083"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.3.0"
}
]
}
],
"datePublic": "2020-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/S:U/UI:N/A:H/C:H/I:H/PR:N/AC:H/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T13:10:23",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6198358"
},
{
"name": "ibm-tivoli-cve20204311-code-exec (177083)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177083"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-22T00:00:00",
"ID": "CVE-2020-4311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring",
"version": {
"version_data": [
{
"version_value": "6.3.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6198358",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6198358 (Tivoli Monitoring)",
"url": "https://www.ibm.com/support/pages/node/6198358"
},
{
"name": "ibm-tivoli-cve20204311-code-exec (177083)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177083"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4311",
"datePublished": "2020-04-23T13:10:23.928628Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T18:59:33.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4592 (GCVE-0-2019-4592)
Vulnerability from nvd – Published: 2020-02-13 15:40 – Updated: 2024-09-17 01:01
Summary
IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647.
Severity ?
CWE
- Denial of Service
Assigner
References
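| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/2278617 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/167647 | vdb-entry, x_refsource_XF |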
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring | Affected: 6.3.0.7.3<br>Affected: 6.3.0.7.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:47.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/2278617"
},
{
"name": "ibm-tivoli-cve20194592-dos (167647)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167647"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.3.0.7.3"
},
{
"status": "affected",
"version": "6.3.0.7.10"
}
]
}
],
"datePublic": "2020-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AV:N/C:N/S:U/AC:L/I:N/UI:N/PR:N/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-13T15:40:21",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/2278617"
},
{
"name": "ibm-tivoli-cve20194592-dos (167647)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167647"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-02-12T00:00:00",
"ID": "CVE-2019-4592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring",
"version": {
"version_data": [
{
"version_value": "6.3.0.7.3"
},
{
"version_value": "6.3.0.7.10"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/2278617",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 2278617 (Tivoli Monitoring)",
"url": "https://www.ibm.com/support/pages/node/2278617"
},
{
"name": "ibm-tivoli-cve20194592-dos (167647)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167647"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4592",
"datePublished": "2020-02-13T15:40:21.327502Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T01:01:14.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1794 (GCVE-0-2017-1794)
Vulnerability from nvd – Published: 2018-09-19 15:00 – Updated: 2024-09-16 20:57
Summary
IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring | Affected: 6.2.3<br>Affected: 6.2.3.1<br>Affected: 6.2.3.2<br>Affected: 6.3.0<br>Affected: 6.2.3.3<br>Affected: 6.2.3.4<br>Affected: 6.2.3.5<br>Affected: 6.3.0.1<br>Affected: 6.3.0.2<br>Affected: 6.3.0.3<br>Affected: 6.3.0.4<br>Affected: 6.3.0.5<br>Affected: 6.3.0.6<br>Affected: 6.3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-tivoli-cve20171794-priv-escalation(137039)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137039"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.2.3.1"
},
{
"status": "affected",
"version": "6.2.3.2"
},
{
"status": "affected",
"version": "6.3.0"
},
{
"status": "affected",
"version": "6.2.3.3"
},
{
"status": "affected",
"version": "6.2.3.4"
},
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.3.0.1"
},
{
"status": "affected",
"version": "6.3.0.2"
},
{
"status": "affected",
"version": "6.3.0.3"
},
{
"status": "affected",
"version": "6.3.0.4"
},
{
"status": "affected",
"version": "6.3.0.5"
},
{
"status": "affected",
"version": "6.3.0.6"
},
{
"status": "affected",
"version": "6.3.0.7"
}
]
}
],
"datePublic": "2018-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AC:H/AV:N/C:H/I:H/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-19T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-tivoli-cve20171794-priv-escalation(137039)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137039"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-17T00:00:00",
"ID": "CVE-2017-1794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring",
"version": {
"version_data": [
{
"version_value": "6.2.3"
},
{
"version_value": "6.2.3.1"
},
{
"version_value": "6.2.3.2"
},
{
"version_value": "6.3.0"
},
{
"version_value": "6.2.3.3"
},
{
"version_value": "6.2.3.4"
},
{
"version_value": "6.2.3.5"
},
{
"version_value": "6.3.0.1"
},
{
"version_value": "6.3.0.2"
},
{
"version_value": "6.3.0.3"
},
{
"version_value": "6.3.0.4"
},
{
"version_value": "6.3.0.5"
},
{
"version_value": "6.3.0.6"
},
{
"version_value": "6.3.0.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "N",
"C": "H",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tivoli-cve20171794-priv-escalation(137039)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137039"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg22014097",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1794",
"datePublished": "2018-09-19T15:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T20:57:57.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1789 (GCVE-0-2017-1789)
Vulnerability from nvd – Published: 2018-03-22 12:00 – Updated: 2024-09-16 22:35
Summary
IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034.
Severity ?
9.8 (Critical)
CWE
- Gain Access
Assigner
References
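| URL | Tags |
|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22014096 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/137034 | x_refsource_MISC |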
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring V6 | Affected: 6.2.3, 6.3.0, 6.2.3.1, 6.2.3.2, 6.2.3.3, 6.2.3.4, 6.2.3.5, 6.3.0.1, 6.3.0.2, 6.3.0.3, 6.3.0.4, 6.3.0.5, 6.3.0.6, 6.3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014096"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137034"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring V6",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.3.0"
},
{
"status": "affected",
"version": "6.2.3.1"
},
{
"status": "affected",
"version": "6.2.3.2"
},
{
"status": "affected",
"version": "6.2.3.3"
},
{
"status": "affected",
"version": "6.2.3.4"
},
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.3.0.1"
},
{
"status": "affected",
"version": "6.3.0.2"
},
{
"status": "affected",
"version": "6.3.0.3"
},
{
"status": "affected",
"version": "6.3.0.4"
},
{
"status": "affected",
"version": "6.3.0.5"
},
{
"status": "affected",
"version": "6.3.0.6"
},
{
"status": "affected",
"version": "6.3.0.7"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AC:L/AV:N/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T11:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014096"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137034"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-03-13T00:00:00",
"ID": "CVE-2017-1789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring V6",
"version": {
"version_data": [
{
"version_value": "6.2.3"
},
{
"version_value": "6.3.0"
},
{
"version_value": "6.2.3.1"
},
{
"version_value": "6.2.3.2"
},
{
"version_value": "6.2.3.3"
},
{
"version_value": "6.2.3.4"
},
{
"version_value": "6.2.3.5"
},
{
"version_value": "6.3.0.1"
},
{
"version_value": "6.3.0.2"
},
{
"version_value": "6.3.0.3"
},
{
"version_value": "6.3.0.4"
},
{
"version_value": "6.3.0.5"
},
{
"version_value": "6.3.0.6"
},
{
"version_value": "6.3.0.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22014096",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014096"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137034",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137034"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1789",
"datePublished": "2018-03-22T12:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T22:35:36.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1635 (GCVE-0-2017-1635)
Vulnerability from nvd – Published: 2017-12-13 18:00 – Updated: 2024-09-16 17:38
Summary
IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243.
Severity ?
No CVSS data available.
CWE
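- Gain Privileges (free-text problem type; the record assigns no CWE ID, and the description attributes the flaw to a use-after-free error)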
Assigner
References
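| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/133243 | x_refsource_MISC |
| http://www.ibm.com/support/docview.wss?uid=swg22010554 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/101905 | vdb-entry, x_refsource_BID |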
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring V6 | Affected: 6.2.2, 6.2.2.2, 6.2.2.3, 6.2.2.4, 6.2.2.5, 6.2.2.6, 6.2.2.7, 6.2.2.8, 6.2.2.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010554"
},
{
"name": "101905",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring V6",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.2.2"
},
{
"status": "affected",
"version": "6.2.2.3"
},
{
"status": "affected",
"version": "6.2.2.4"
},
{
"status": "affected",
"version": "6.2.2.5"
},
{
"status": "affected",
"version": "6.2.2.6"
},
{
"status": "affected",
"version": "6.2.2.7"
},
{
"status": "affected",
"version": "6.2.2.8"
},
{
"status": "affected",
"version": "6.2.2.9"
}
]
}
],
"datePublic": "2017-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-14T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010554"
},
{
"name": "101905",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101905"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-11-17T00:00:00",
"ID": "CVE-2017-1635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring V6",
"version": {
"version_data": [
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.2.2"
},
{
"version_value": "6.2.2.3"
},
{
"version_value": "6.2.2.4"
},
{
"version_value": "6.2.2.5"
},
{
"version_value": "6.2.2.6"
},
{
"version_value": "6.2.2.7"
},
{
"version_value": "6.2.2.8"
},
{
"version_value": "6.2.2.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133243",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133243"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010554",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010554"
},
{
"name": "101905",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101905"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1635",
"datePublished": "2017-12-13T18:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T17:38:14.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1183 (GCVE-0-2017-1183)
Vulnerability from nvd – Published: 2017-07-14 13:00 – Updated: 2024-09-16 20:52
Summary
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494.
Severity ?
No CVSS data available.
CWE
- Data Manipulation
Assigner
References
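| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/123494 | x_refsource_MISC |
| http://www.ibm.com/support/docview.wss?uid=swg22003402 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/99610 | vdb-entry, x_refsource_BID |
| http://www.securitytracker.com/id/1038913 | vdb-entry, x_refsource_SECTRACK |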
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring V6 | Affected: 6.2.3.5, 6.2.2.9, 6.3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123494"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003402"
},
{
"name": "99610",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99610"
},
{
"name": "1038913",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038913"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring V6",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.2.2.9"
},
{
"status": "affected",
"version": "6.3.0.7"
}
]
}
],
"datePublic": "2017-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-18T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123494"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003402"
},
{
"name": "99610",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99610"
},
{
"name": "1038913",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038913"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-12T00:00:00",
"ID": "CVE-2017-1183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring V6",
"version": {
"version_data": [
{
"version_value": "6.2.3.5"
},
{
"version_value": "6.2.2.9"
},
{
"version_value": "6.3.0.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123494",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123494"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003402",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003402"
},
{
"name": "99610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99610"
},
{
"name": "1038913",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038913"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1183",
"datePublished": "2017-07-14T13:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T20:52:33.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1182 (GCVE-0-2017-1182)
Vulnerability from nvd – Published: 2017-07-14 13:00 – Updated: 2024-09-16 19:04
Summary
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123493.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
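| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/123493 | x_refsource_MISC |
| http://www.ibm.com/support/docview.wss?uid=swg22003402 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038913 | vdb-entry, x_refsource_SECTRACK |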
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring V6 | Affected: 6.2.3.5, 6.2.2.9, 6.3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123493"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003402"
},
{
"name": "1038913",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038913"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring V6",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.2.2.9"
},
{
"status": "affected",
"version": "6.3.0.7"
}
]
}
],
"datePublic": "2017-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. IBM X-Force ID: 123493."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-18T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123493"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003402"
},
{
"name": "1038913",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038913"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-12T00:00:00",
"ID": "CVE-2017-1182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring V6",
"version": {
"version_data": [
{
"version_value": "6.2.3.5"
},
{
"version_value": "6.2.2.9"
},
{
"version_value": "6.3.0.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. IBM X-Force ID: 123493."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123493",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123493"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003402",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003402"
},
{
"name": "1038913",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038913"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1182",
"datePublished": "2017-07-14T13:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T19:04:42.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1181 (GCVE-0-2017-1181)
Vulnerability from nvd – Published: 2017-07-14 13:00 – Updated: 2024-09-17 04:29
Summary
IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
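| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/123487 | x_refsource_MISC |
| http://www.ibm.com/support/docview.wss?uid=swg22003402 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/99596 | vdb-entry, x_refsource_BID |
| http://www.securitytracker.com/id/1038913 | vdb-entry, x_refsource_SECTRACK |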
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring V6 | Affected: 6.2.3.5, 6.2.2.9, 6.3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123487"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003402"
},
{
"name": "99596",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99596"
},
{
"name": "1038913",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038913"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring V6",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.2.2.9"
},
{
"status": "affected",
"version": "6.3.0.7"
}
]
}
],
"datePublic": "2017-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-18T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123487"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003402"
},
{
"name": "99596",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99596"
},
{
"name": "1038913",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038913"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-12T00:00:00",
"ID": "CVE-2017-1181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring V6",
"version": {
"version_data": [
{
"version_value": "6.2.3.5"
},
{
"version_value": "6.2.2.9"
},
{
"version_value": "6.3.0.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123487",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123487"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003402",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003402"
},
{
"name": "99596",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99596"
},
{
"name": "1038913",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038913"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1181",
"datePublished": "2017-07-14T13:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T04:29:08.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6083 (GCVE-0-2016-6083)
Vulnerability from nvd – Published: 2017-06-27 16:00 – Updated: 2024-08-06 01:22
Summary
IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
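| URL | Tags |
|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22000909 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/117696 | x_refsource_MISC |
| http://www.securityfocus.com/bid/99259 | vdb-entry, x_refsource_BID |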
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring V6 | Affected: 6.2.2, 6.2.3, 6.3.0, 6.2.3.1, 6.2.3.2, 6.2.3.3, 6.2.3.4, 6.2.3.5, 6.3, 6.3.0.1, 6.3.0.2, 6.3.0.3, 6.3.0.4, 6.3.0.5, 6.3.0.6, 6.2.2.2, 6.2.2.3, 6.2.2.4, 6.2.2.5, 6.2.2.6, 6.2.2.7, 6.2.2.8, 6.2.2.9, 6.3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:19.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22000909"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117696"
},
{
"name": "99259",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99259"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring V6",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.3.0"
},
{
"status": "affected",
"version": "6.2.3.1"
},
{
"status": "affected",
"version": "6.2.3.2"
},
{
"status": "affected",
"version": "6.2.3.3"
},
{
"status": "affected",
"version": "6.2.3.4"
},
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.3.0.1"
},
{
"status": "affected",
"version": "6.3.0.2"
},
{
"status": "affected",
"version": "6.3.0.3"
},
{
"status": "affected",
"version": "6.3.0.4"
},
{
"status": "affected",
"version": "6.3.0.5"
},
{
"status": "affected",
"version": "6.3.0.6"
},
{
"status": "affected",
"version": "6.2.2.2"
},
{
"status": "affected",
"version": "6.2.2.3"
},
{
"status": "affected",
"version": "6.2.2.4"
},
{
"status": "affected",
"version": "6.2.2.5"
},
{
"status": "affected",
"version": "6.2.2.6"
},
{
"status": "affected",
"version": "6.2.2.7"
},
{
"status": "affected",
"version": "6.2.2.8"
},
{
"status": "affected",
"version": "6.2.2.9"
},
{
"status": "affected",
"version": "6.3.0.7"
}
]
}
],
"datePublic": "2017-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-28T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22000909"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117696"
},
{
"name": "99259",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99259"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring V6",
"version": {
"version_data": [
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.3"
},
{
"version_value": "6.3.0"
},
{
"version_value": "6.2.3.1"
},
{
"version_value": "6.2.3.2"
},
{
"version_value": "6.2.3.3"
},
{
"version_value": "6.2.3.4"
},
{
"version_value": "6.2.3.5"
},
{
"version_value": "6.3"
},
{
"version_value": "6.3.0.1"
},
{
"version_value": "6.3.0.2"
},
{
"version_value": "6.3.0.3"
},
{
"version_value": "6.3.0.4"
},
{
"version_value": "6.3.0.5"
},
{
"version_value": "6.3.0.6"
},
{
"version_value": "6.2.2.2"
},
{
"version_value": "6.2.2.3"
},
{
"version_value": "6.2.2.4"
},
{
"version_value": "6.2.2.5"
},
{
"version_value": "6.2.2.6"
},
{
"version_value": "6.2.2.7"
},
{
"version_value": "6.2.2.8"
},
{
"version_value": "6.2.2.9"
},
{
"version_value": "6.3.0.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22000909",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22000909"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117696",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117696"
},
{
"name": "99259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99259"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-6083",
"datePublished": "2017-06-27T16:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:22:19.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5933 (GCVE-0-2016-5933)
Vulnerability from nvd – Published: 2017-03-08 19:00 – Updated: 2024-08-06 01:15
Summary
IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223.
Severity ?
No CVSS data available.
CWE
- Gain Access
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM Corporation | Tivoli Monitoring V6 | Affected: 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.3.0, 6.2.3.1, 6.2.3.2, 6.2.3.3, 6.2.3.4, 6.2.3.5, 6.3, 6.3.0.1, 6.3.0.2, 6.3.0.3, 6.3.0.4, 6.3.1, 6.3.0.5, 6.3.0.6, 6.2.2.2, 6.2.2.3, 6.2.2.4, 6.2.2.5, 6.2.2.6, 6.2.2.7, 6.2.2.8, 6.2.2.9, 6.3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:09.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997223"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring V6",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.3.0"
},
{
"status": "affected",
"version": "6.2.3.1"
},
{
"status": "affected",
"version": "6.2.3.2"
},
{
"status": "affected",
"version": "6.2.3.3"
},
{
"status": "affected",
"version": "6.2.3.4"
},
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.3.0.1"
},
{
"status": "affected",
"version": "6.3.0.2"
},
{
"status": "affected",
"version": "6.3.0.3"
},
{
"status": "affected",
"version": "6.3.0.4"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.3.0.5"
},
{
"status": "affected",
"version": "6.3.0.6"
},
{
"status": "affected",
"version": "6.2.2.2"
},
{
"status": "affected",
"version": "6.2.2.3"
},
{
"status": "affected",
"version": "6.2.2.4"
},
{
"status": "affected",
"version": "6.2.2.5"
},
{
"status": "affected",
"version": "6.2.2.6"
},
{
"status": "affected",
"version": "6.2.2.7"
},
{
"status": "affected",
"version": "6.2.2.8"
},
{
"status": "affected",
"version": "6.2.2.9"
},
{
"status": "affected",
"version": "6.3.0.7"
}
]
}
],
"datePublic": "2017-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-08T18:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997223"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-5933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring V6",
"version": {
"version_data": [
{
"version_value": "6.2.0"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.3"
},
{
"version_value": "6.3.0"
},
{
"version_value": "6.2.3.1"
},
{
"version_value": "6.2.3.2"
},
{
"version_value": "6.2.3.3"
},
{
"version_value": "6.2.3.4"
},
{
"version_value": "6.2.3.5"
},
{
"version_value": "6.3"
},
{
"version_value": "6.3.0.1"
},
{
"version_value": "6.3.0.2"
},
{
"version_value": "6.3.0.3"
},
{
"version_value": "6.3.0.4"
},
{
"version_value": "6.3.1"
},
{
"version_value": "6.3.0.5"
},
{
"version_value": "6.3.0.6"
},
{
"version_value": "6.2.2.2"
},
{
"version_value": "6.2.2.3"
},
{
"version_value": "6.2.2.4"
},
{
"version_value": "6.2.2.5"
},
{
"version_value": "6.2.2.6"
},
{
"version_value": "6.2.2.7"
},
{
"version_value": "6.2.2.8"
},
{
"version_value": "6.2.2.9"
},
{
"version_value": "6.3.0.7"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21997223",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997223"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-5933",
"datePublished": "2017-03-08T19:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:15:09.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3356 (GCVE-0-2025-3356)
Vulnerability from cvelistv5 – Published: 2025-10-30 19:22 – Updated: 2025-10-30 19:41
Title
IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view, overwrite, or append to arbitrary files on the system.
Severity ?
8.6 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring | Affected: 6.3.0.7, ≤ 6.3.0.7 Service Pack 21 (semver); CPE: `cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*`, `cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:*` |
Credits
Aleksandr Tlyapov
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T19:38:43.818984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:41:12.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.3.0.7 Service Pack 21",
"status": "affected",
"version": "6.3.0.7",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aleksandr Tlyapov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \u0026quot;dot dot\u0026quot; sequences (/../) to view, overwrite, or append to arbitrary files on the system.\u003c/p\u003e"
}
],
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view, overwrite, or append to arbitrary files on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:22:37.371Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7249694"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM strongly recommends addressing the vulnerability by following the steps provided in the following technote: Remediation of CVE-2025-3355 and CVE-2025-3356\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM strongly recommends addressing the vulnerability by following the steps provided in the following technote: Remediation of CVE-2025-3355 and CVE-2025-3356"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3356",
"datePublished": "2025-10-30T19:22:37.371Z",
"dateReserved": "2025-04-06T21:05:59.220Z",
"dateUpdated": "2025-10-30T19:41:12.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3355 (GCVE-0-2025-3355)
Vulnerability from cvelistv5 – Published: 2025-10-30 19:21 – Updated: 2025-10-30 19:51
Title
IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations
Summary
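IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
Note: the record title mentions file read and write operations, but this description and the CVSS vector (C:H/I:N/A:N) cover file read only. The overwrite/append impact is described under CVE-2025-3356, which references the same IBM advisory, so triage the two records together.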
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring | Affected: 6.3.0.7, ≤ 6.3.0.7 Service Pack 21 (semver); CPE: `cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*`, `cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:*` |
Credits
Aleksandr Tlyapov
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T19:49:59.308067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:51:08.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.3.0.7 Service Pack 21",
"status": "affected",
"version": "6.3.0.7",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aleksandr Tlyapov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \u0026quot;dot dot\u0026quot; sequences (/../) to view arbitrary files on the system.\u003c/p\u003e"
}
],
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:21:42.496Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7249694"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM strongly recommends addressing the vulnerability by following the steps provided in the following technote: Remediation of CVE-2025-3355 and CVE-2025-3356\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM strongly recommends addressing the vulnerability by following the steps provided in the following technote: Remediation of CVE-2025-3355 and CVE-2025-3356"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3355",
"datePublished": "2025-10-30T19:21:42.496Z",
"dateReserved": "2025-04-06T21:02:26.939Z",
"dateUpdated": "2025-10-30T19:51:08.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3354 (GCVE-0-2025-3354)
Vulnerability from cvelistv5 – Published: 2025-08-06 13:50 – Updated: 2025-08-07 03:55
Title
IBM Tivoli Monitoring code execution
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
Severity ?
8.1 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring | Affected: 6.3.0.7, ≤ 6.3.0.7 SP20 (semver); CPE: `cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*`, `cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_20:*:*:*:*:*:*` |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T03:55:21.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_20:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.3.0.7 SP20",
"status": "affected",
"version": "6.3.0.7",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash."
}
],
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T13:50:06.240Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7241472"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0021\u003cbr\u003e\u003cbr\u003e6.3.0.7-TIV-ITM-SP0021 6.3.0.7 IBM Tivoli Monitoring Service Pack 6.3.0.7-TIV-ITM-SP0021\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0021\n\n6.3.0.7-TIV-ITM-SP0021 6.3.0.7 IBM Tivoli Monitoring Service Pack 6.3.0.7-TIV-ITM-SP0021"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Monitoring code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3354",
"datePublished": "2025-08-06T13:50:06.240Z",
"dateReserved": "2025-04-06T20:57:16.315Z",
"dateUpdated": "2025-08-07T03:55:21.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3320 (GCVE-0-2025-3320)
Vulnerability from cvelistv5 – Published: 2025-08-06 13:49 – Updated: 2025-08-07 03:55
Title
IBM Tivoli Monitoring code execution
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
Severity ?
8.1 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring | Affected: 6.3.0.7, ≤ 6.3.0.7 SP20 (semver); CPE: `cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*`, `cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_20:*:*:*:*:*:*` |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T03:55:20.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_20:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.3.0.7 SP20",
"status": "affected",
"version": "6.3.0.7",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash."
}
],
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T13:49:35.970Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7241472"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0021\u003cbr\u003e\u003cbr\u003e6.3.0.7-TIV-ITM-SP0021 6.3.0.7 IBM Tivoli Monitoring Service Pack 6.3.0.7-TIV-ITM-SP0021\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0021\n\n6.3.0.7-TIV-ITM-SP0021 6.3.0.7 IBM Tivoli Monitoring Service Pack 6.3.0.7-TIV-ITM-SP0021"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Monitoring code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3320",
"datePublished": "2025-08-06T13:49:35.970Z",
"dateReserved": "2025-04-05T13:35:40.648Z",
"dateUpdated": "2025-08-07T03:55:20.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3357 (GCVE-0-2025-3357)
Vulnerability from cvelistv5 – Published: 2025-05-28 14:51 – Updated: 2025-08-26 14:56
Title
IBM Tivoli Monitoring code execution
Summary
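IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array.
Note: this record disagrees with itself on the upper bound. The structured affected range and CPE stop at Service Pack 15, while this description says Service Pack 19 and the listed fix is 6.3.0.7-SP0020. The range is also tagged semver although its bound ("6.3.0.7 SP15") is free text, so automated version matching may not evaluate it. When scoping exposure, key on the fix level; installs below SP0020 are presumably affected, to be confirmed against the IBM advisory.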
Severity ?
9.8 (Critical)
CWE
- CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring | Affected: 6.3.0.7, ≤ 6.3.0.7 SP15 (semver); CPE: `cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*`, `cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_15:*:*:*:*:*:*` |
Credits
Aleksandr Tlyapov
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T03:55:49.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_15:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.3.0.7 SP15",
"status": "affected",
"version": "6.3.0.7",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aleksandr Tlyapov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19\u0026nbsp;could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array."
}
],
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19\u00a0could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1285",
"description": "CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T14:56:28.301Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7234923"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0020\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0020"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Monitoring code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3357",
"datePublished": "2025-05-28T14:51:29.649Z",
"dateReserved": "2025-04-06T21:14:20.726Z",
"dateUpdated": "2025-08-26T14:56:28.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4311 (GCVE-0-2020-4311)
Vulnerability from cvelistv5 – Published: 2020-04-23 13:10 – Updated: 2024-09-16 18:59
Summary
IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083.
Severity ?
CWE
- Gain Privileges
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring | Affected: 6.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:06.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6198358"
},
{
"name": "ibm-tivoli-cve20204311-code-exec (177083)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177083"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.3.0"
}
]
}
],
"datePublic": "2020-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/S:U/UI:N/A:H/C:H/I:H/PR:N/AC:H/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T13:10:23",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6198358"
},
{
"name": "ibm-tivoli-cve20204311-code-exec (177083)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177083"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-22T00:00:00",
"ID": "CVE-2020-4311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring",
"version": {
"version_data": [
{
"version_value": "6.3.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6198358",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6198358 (Tivoli Monitoring)",
"url": "https://www.ibm.com/support/pages/node/6198358"
},
{
"name": "ibm-tivoli-cve20204311-code-exec (177083)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177083"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4311",
"datePublished": "2020-04-23T13:10:23.928628Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T18:59:33.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4592 (GCVE-0-2019-4592)
Vulnerability from cvelistv5 – Published: 2020-02-13 15:40 – Updated: 2024-09-17 01:01
Summary
IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647.
Severity ?
7.5 (High)
CWE
- Denial of Service
Assigner
References
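| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/2278617 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/167647 | vdb-entry, x_refsource_XF |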
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring | Affected: 6.3.0.7.3, 6.3.0.7.10 |

Only the two endpoint versions are listed; the summary gives the affected range as 6.3.0.7.3 through 6.3.0.7.10.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:47.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/2278617"
},
{
"name": "ibm-tivoli-cve20194592-dos (167647)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167647"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.3.0.7.3"
},
{
"status": "affected",
"version": "6.3.0.7.10"
}
]
}
],
"datePublic": "2020-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AV:N/C:N/S:U/AC:L/I:N/UI:N/PR:N/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-13T15:40:21",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/2278617"
},
{
"name": "ibm-tivoli-cve20194592-dos (167647)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167647"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-02-12T00:00:00",
"ID": "CVE-2019-4592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring",
"version": {
"version_data": [
{
"version_value": "6.3.0.7.3"
},
{
"version_value": "6.3.0.7.10"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/2278617",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 2278617 (Tivoli Monitoring)",
"url": "https://www.ibm.com/support/pages/node/2278617"
},
{
"name": "ibm-tivoli-cve20194592-dos (167647)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167647"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4592",
"datePublished": "2020-02-13T15:40:21.327502Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T01:01:14.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1794 (GCVE-0-2017-1794)
Vulnerability from cvelistv5 – Published: 2018-09-19 15:00 – Updated: 2024-09-16 20:57
Summary
IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039.
Severity ?
7.5 (High)
CWE
- Gain Privileges
Assigner
References
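| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/137039 | vdb-entry, x_refsource_XF |
| https://www.ibm.com/support/docview.wss?uid=swg22014097 | x_refsource_CONFIRM |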
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring | Affected: 6.2.3, 6.2.3.1, 6.2.3.2, 6.3.0, 6.2.3.3, 6.2.3.4, 6.2.3.5, 6.3.0.1, 6.3.0.2, 6.3.0.3, 6.3.0.4, 6.3.0.5, 6.3.0.6, 6.3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-tivoli-cve20171794-priv-escalation(137039)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137039"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.2.3.1"
},
{
"status": "affected",
"version": "6.2.3.2"
},
{
"status": "affected",
"version": "6.3.0"
},
{
"status": "affected",
"version": "6.2.3.3"
},
{
"status": "affected",
"version": "6.2.3.4"
},
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.3.0.1"
},
{
"status": "affected",
"version": "6.3.0.2"
},
{
"status": "affected",
"version": "6.3.0.3"
},
{
"status": "affected",
"version": "6.3.0.4"
},
{
"status": "affected",
"version": "6.3.0.5"
},
{
"status": "affected",
"version": "6.3.0.6"
},
{
"status": "affected",
"version": "6.3.0.7"
}
]
}
],
"datePublic": "2018-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AC:H/AV:N/C:H/I:H/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-19T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-tivoli-cve20171794-priv-escalation(137039)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137039"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-17T00:00:00",
"ID": "CVE-2017-1794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring",
"version": {
"version_data": [
{
"version_value": "6.2.3"
},
{
"version_value": "6.2.3.1"
},
{
"version_value": "6.2.3.2"
},
{
"version_value": "6.3.0"
},
{
"version_value": "6.2.3.3"
},
{
"version_value": "6.2.3.4"
},
{
"version_value": "6.2.3.5"
},
{
"version_value": "6.3.0.1"
},
{
"version_value": "6.3.0.2"
},
{
"version_value": "6.3.0.3"
},
{
"version_value": "6.3.0.4"
},
{
"version_value": "6.3.0.5"
},
{
"version_value": "6.3.0.6"
},
{
"version_value": "6.3.0.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "N",
"C": "H",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tivoli-cve20171794-priv-escalation(137039)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137039"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg22014097",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1794",
"datePublished": "2018-09-19T15:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T20:57:57.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1789 (GCVE-0-2017-1789)
Vulnerability from cvelistv5 – Published: 2018-03-22 12:00 – Updated: 2024-09-16 22:35
Summary
IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034.
Severity ?
9.8 (Critical)
CWE
- Gain Access
Assigner
References
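| URL | Tags |
|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22014096 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/137034 | x_refsource_MISC |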
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring V6 | Affected: 6.2.3, 6.3.0, 6.2.3.1, 6.2.3.2, 6.2.3.3, 6.2.3.4, 6.2.3.5, 6.3.0.1, 6.3.0.2, 6.3.0.3, 6.3.0.4, 6.3.0.5, 6.3.0.6, 6.3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014096"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137034"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring V6",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.3.0"
},
{
"status": "affected",
"version": "6.2.3.1"
},
{
"status": "affected",
"version": "6.2.3.2"
},
{
"status": "affected",
"version": "6.2.3.3"
},
{
"status": "affected",
"version": "6.2.3.4"
},
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.3.0.1"
},
{
"status": "affected",
"version": "6.3.0.2"
},
{
"status": "affected",
"version": "6.3.0.3"
},
{
"status": "affected",
"version": "6.3.0.4"
},
{
"status": "affected",
"version": "6.3.0.5"
},
{
"status": "affected",
"version": "6.3.0.6"
},
{
"status": "affected",
"version": "6.3.0.7"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AC:L/AV:N/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T11:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014096"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137034"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-03-13T00:00:00",
"ID": "CVE-2017-1789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring V6",
"version": {
"version_data": [
{
"version_value": "6.2.3"
},
{
"version_value": "6.3.0"
},
{
"version_value": "6.2.3.1"
},
{
"version_value": "6.2.3.2"
},
{
"version_value": "6.2.3.3"
},
{
"version_value": "6.2.3.4"
},
{
"version_value": "6.2.3.5"
},
{
"version_value": "6.3.0.1"
},
{
"version_value": "6.3.0.2"
},
{
"version_value": "6.3.0.3"
},
{
"version_value": "6.3.0.4"
},
{
"version_value": "6.3.0.5"
},
{
"version_value": "6.3.0.6"
},
{
"version_value": "6.3.0.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22014096",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014096"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137034",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137034"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1789",
"datePublished": "2018-03-22T12:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T22:35:36.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1635 (GCVE-0-2017-1635)
Vulnerability from cvelistv5 – Published: 2017-12-13 18:00 – Updated: 2024-09-16 17:38
Summary
IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
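| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/133243 | x_refsource_MISC |
| http://www.ibm.com/support/docview.wss?uid=swg22010554 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/101905 | vdb-entry, x_refsource_BID |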
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring V6 | Affected: 6.2.2, 6.2.2.2, 6.2.2.3, 6.2.2.4, 6.2.2.5, 6.2.2.6, 6.2.2.7, 6.2.2.8, 6.2.2.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010554"
},
{
"name": "101905",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring V6",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.2.2"
},
{
"status": "affected",
"version": "6.2.2.3"
},
{
"status": "affected",
"version": "6.2.2.4"
},
{
"status": "affected",
"version": "6.2.2.5"
},
{
"status": "affected",
"version": "6.2.2.6"
},
{
"status": "affected",
"version": "6.2.2.7"
},
{
"status": "affected",
"version": "6.2.2.8"
},
{
"status": "affected",
"version": "6.2.2.9"
}
]
}
],
"datePublic": "2017-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-14T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010554"
},
{
"name": "101905",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101905"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-11-17T00:00:00",
"ID": "CVE-2017-1635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring V6",
"version": {
"version_data": [
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.2.2"
},
{
"version_value": "6.2.2.3"
},
{
"version_value": "6.2.2.4"
},
{
"version_value": "6.2.2.5"
},
{
"version_value": "6.2.2.6"
},
{
"version_value": "6.2.2.7"
},
{
"version_value": "6.2.2.8"
},
{
"version_value": "6.2.2.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133243",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133243"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010554",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010554"
},
{
"name": "101905",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101905"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1635",
"datePublished": "2017-12-13T18:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T17:38:14.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1182 (GCVE-0-2017-1182)
Vulnerability from cvelistv5 – Published: 2017-07-14 13:00 – Updated: 2024-09-16 19:04
Summary
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123493.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
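| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/123493 | x_refsource_MISC |
| http://www.ibm.com/support/docview.wss?uid=swg22003402 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038913 | vdb-entry, x_refsource_SECTRACK |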
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring V6 | Affected: 6.2.3.5, 6.2.2.9, 6.3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123493"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003402"
},
{
"name": "1038913",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038913"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring V6",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.2.2.9"
},
{
"status": "affected",
"version": "6.3.0.7"
}
]
}
],
"datePublic": "2017-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. IBM X-Force ID: 123493."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-18T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123493"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003402"
},
{
"name": "1038913",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038913"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-12T00:00:00",
"ID": "CVE-2017-1182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring V6",
"version": {
"version_data": [
{
"version_value": "6.2.3.5"
},
{
"version_value": "6.2.2.9"
},
{
"version_value": "6.3.0.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. IBM X-Force ID: 123493."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123493",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123493"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003402",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003402"
},
{
"name": "1038913",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038913"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1182",
"datePublished": "2017-07-14T13:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T19:04:42.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1183 (GCVE-0-2017-1183)
Vulnerability from cvelistv5 – Published: 2017-07-14 13:00 – Updated: 2024-09-16 20:52
Summary
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494.
Severity ?
No CVSS data available.
CWE
- Data Manipulation
Assigner
References
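| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/123494 | x_refsource_MISC |
| http://www.ibm.com/support/docview.wss?uid=swg22003402 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/99610 | vdb-entry, x_refsource_BID |
| http://www.securitytracker.com/id/1038913 | vdb-entry, x_refsource_SECTRACK |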
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring V6 | Affected: 6.2.3.5, 6.2.2.9, 6.3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123494"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003402"
},
{
"name": "99610",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99610"
},
{
"name": "1038913",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038913"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring V6",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.2.2.9"
},
{
"status": "affected",
"version": "6.3.0.7"
}
]
}
],
"datePublic": "2017-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-18T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123494"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003402"
},
{
"name": "99610",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99610"
},
{
"name": "1038913",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038913"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-12T00:00:00",
"ID": "CVE-2017-1183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring V6",
"version": {
"version_data": [
{
"version_value": "6.2.3.5"
},
{
"version_value": "6.2.2.9"
},
{
"version_value": "6.3.0.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123494",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123494"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003402",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003402"
},
{
"name": "99610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99610"
},
{
"name": "1038913",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038913"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1183",
"datePublished": "2017-07-14T13:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T20:52:33.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1181 (GCVE-0-2017-1181)
Vulnerability from cvelistv5 – Published: 2017-07-14 13:00 – Updated: 2024-09-17 04:29
Summary
IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
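| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/123487 | x_refsource_MISC |
| http://www.ibm.com/support/docview.wss?uid=swg22003402 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/99596 | vdb-entry, x_refsource_BID |
| http://www.securitytracker.com/id/1038913 | vdb-entry, x_refsource_SECTRACK |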
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring V6 | Affected: 6.2.3.5, 6.2.2.9, 6.3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123487"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003402"
},
{
"name": "99596",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99596"
},
{
"name": "1038913",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038913"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring V6",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.2.2.9"
},
{
"status": "affected",
"version": "6.3.0.7"
}
]
}
],
"datePublic": "2017-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-18T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123487"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003402"
},
{
"name": "99596",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99596"
},
{
"name": "1038913",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038913"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-12T00:00:00",
"ID": "CVE-2017-1181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring V6",
"version": {
"version_data": [
{
"version_value": "6.2.3.5"
},
{
"version_value": "6.2.2.9"
},
{
"version_value": "6.3.0.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123487",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123487"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003402",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003402"
},
{
"name": "99596",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99596"
},
{
"name": "1038913",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038913"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1181",
"datePublished": "2017-07-14T13:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T04:29:08.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6083 (GCVE-0-2016-6083)
Vulnerability from cvelistv5 – Published: 2017-06-27 16:00 – Updated: 2024-08-06 01:22
Summary
IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696.
Severity ?
No CVSS data available.
CWE
- Obtain Information (free-text problem type supplied by the CNA; the record below assigns no CWE ID)
Assigner
References
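| URL | Tags |
|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22000909 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/117696 | x_refsource_MISC |
| http://www.securityfocus.com/bid/99259 | vdb-entry, x_refsource_BID |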
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Tivoli Monitoring V6 | Affected: 6.2.2 Affected: 6.2.3 Affected: 6.3.0 Affected: 6.2.3.1 Affected: 6.2.3.2 Affected: 6.2.3.3 Affected: 6.2.3.4 Affected: 6.2.3.5 Affected: 6.3 Affected: 6.3.0.1 Affected: 6.3.0.2 Affected: 6.3.0.3 Affected: 6.3.0.4 Affected: 6.3.0.5 Affected: 6.3.0.6 Affected: 6.2.2.2 Affected: 6.2.2.3 Affected: 6.2.2.4 Affected: 6.2.2.5 Affected: 6.2.2.6 Affected: 6.2.2.7 Affected: 6.2.2.8 Affected: 6.2.2.9 Affected: 6.3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:19.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22000909"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117696"
},
{
"name": "99259",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99259"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring V6",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.3.0"
},
{
"status": "affected",
"version": "6.2.3.1"
},
{
"status": "affected",
"version": "6.2.3.2"
},
{
"status": "affected",
"version": "6.2.3.3"
},
{
"status": "affected",
"version": "6.2.3.4"
},
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.3.0.1"
},
{
"status": "affected",
"version": "6.3.0.2"
},
{
"status": "affected",
"version": "6.3.0.3"
},
{
"status": "affected",
"version": "6.3.0.4"
},
{
"status": "affected",
"version": "6.3.0.5"
},
{
"status": "affected",
"version": "6.3.0.6"
},
{
"status": "affected",
"version": "6.2.2.2"
},
{
"status": "affected",
"version": "6.2.2.3"
},
{
"status": "affected",
"version": "6.2.2.4"
},
{
"status": "affected",
"version": "6.2.2.5"
},
{
"status": "affected",
"version": "6.2.2.6"
},
{
"status": "affected",
"version": "6.2.2.7"
},
{
"status": "affected",
"version": "6.2.2.8"
},
{
"status": "affected",
"version": "6.2.2.9"
},
{
"status": "affected",
"version": "6.3.0.7"
}
]
}
],
"datePublic": "2017-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-28T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22000909"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117696"
},
{
"name": "99259",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99259"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring V6",
"version": {
"version_data": [
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.3"
},
{
"version_value": "6.3.0"
},
{
"version_value": "6.2.3.1"
},
{
"version_value": "6.2.3.2"
},
{
"version_value": "6.2.3.3"
},
{
"version_value": "6.2.3.4"
},
{
"version_value": "6.2.3.5"
},
{
"version_value": "6.3"
},
{
"version_value": "6.3.0.1"
},
{
"version_value": "6.3.0.2"
},
{
"version_value": "6.3.0.3"
},
{
"version_value": "6.3.0.4"
},
{
"version_value": "6.3.0.5"
},
{
"version_value": "6.3.0.6"
},
{
"version_value": "6.2.2.2"
},
{
"version_value": "6.2.2.3"
},
{
"version_value": "6.2.2.4"
},
{
"version_value": "6.2.2.5"
},
{
"version_value": "6.2.2.6"
},
{
"version_value": "6.2.2.7"
},
{
"version_value": "6.2.2.8"
},
{
"version_value": "6.2.2.9"
},
{
"version_value": "6.3.0.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22000909",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22000909"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117696",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117696"
},
{
"name": "99259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99259"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-6083",
"datePublished": "2017-06-27T16:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:22:19.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5933 (GCVE-0-2016-5933)
Vulnerability from cvelistv5 – Published: 2017-03-08 19:00 – Updated: 2024-08-06 01:15
Summary
IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223.
Severity ?
No CVSS data available.
CWE
- Gain Access (free-text problem type supplied by the CNA; the record below assigns no CWE ID)
Assigner
References
| URL | Tags |
|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21997223 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM Corporation | Tivoli Monitoring V6 | Affected: 6.2.0 Affected: 6.2.1 Affected: 6.2.2 Affected: 6.2.3 Affected: 6.3.0 Affected: 6.2.3.1 Affected: 6.2.3.2 Affected: 6.2.3.3 Affected: 6.2.3.4 Affected: 6.2.3.5 Affected: 6.3 Affected: 6.3.0.1 Affected: 6.3.0.2 Affected: 6.3.0.3 Affected: 6.3.0.4 Affected: 6.3.1 Affected: 6.3.0.5 Affected: 6.3.0.6 Affected: 6.2.2.2 Affected: 6.2.2.3 Affected: 6.2.2.4 Affected: 6.2.2.5 Affected: 6.2.2.6 Affected: 6.2.2.7 Affected: 6.2.2.8 Affected: 6.2.2.9 Affected: 6.3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:09.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997223"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring V6",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.3.0"
},
{
"status": "affected",
"version": "6.2.3.1"
},
{
"status": "affected",
"version": "6.2.3.2"
},
{
"status": "affected",
"version": "6.2.3.3"
},
{
"status": "affected",
"version": "6.2.3.4"
},
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.3.0.1"
},
{
"status": "affected",
"version": "6.3.0.2"
},
{
"status": "affected",
"version": "6.3.0.3"
},
{
"status": "affected",
"version": "6.3.0.4"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.3.0.5"
},
{
"status": "affected",
"version": "6.3.0.6"
},
{
"status": "affected",
"version": "6.2.2.2"
},
{
"status": "affected",
"version": "6.2.2.3"
},
{
"status": "affected",
"version": "6.2.2.4"
},
{
"status": "affected",
"version": "6.2.2.5"
},
{
"status": "affected",
"version": "6.2.2.6"
},
{
"status": "affected",
"version": "6.2.2.7"
},
{
"status": "affected",
"version": "6.2.2.8"
},
{
"status": "affected",
"version": "6.2.2.9"
},
{
"status": "affected",
"version": "6.3.0.7"
}
]
}
],
"datePublic": "2017-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-08T18:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997223"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-5933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring V6",
"version": {
"version_data": [
{
"version_value": "6.2.0"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.3"
},
{
"version_value": "6.3.0"
},
{
"version_value": "6.2.3.1"
},
{
"version_value": "6.2.3.2"
},
{
"version_value": "6.2.3.3"
},
{
"version_value": "6.2.3.4"
},
{
"version_value": "6.2.3.5"
},
{
"version_value": "6.3"
},
{
"version_value": "6.3.0.1"
},
{
"version_value": "6.3.0.2"
},
{
"version_value": "6.3.0.3"
},
{
"version_value": "6.3.0.4"
},
{
"version_value": "6.3.1"
},
{
"version_value": "6.3.0.5"
},
{
"version_value": "6.3.0.6"
},
{
"version_value": "6.2.2.2"
},
{
"version_value": "6.2.2.3"
},
{
"version_value": "6.2.2.4"
},
{
"version_value": "6.2.2.5"
},
{
"version_value": "6.2.2.6"
},
{
"version_value": "6.2.2.7"
},
{
"version_value": "6.2.2.8"
},
{
"version_value": "6.2.2.9"
},
{
"version_value": "6.3.0.7"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21997223",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997223"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-5933",
"datePublished": "2017-03-08T19:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:15:09.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}