Search criteria
87 vulnerabilities found for tivoli_monitoring by ibm
FKIE_CVE-2025-3355
Vulnerability from fkie_nvd - Published: 2025-10-30 20:15 - Updated: 2025-11-07 01:58
Severity ?
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7249694 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:-:*:*:*:*:*:*",
"matchCriteriaId": "15633ADC-6913-4AA1-8524-F139895B1C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F8F29F79-3813-4B6F-A0FE-3E12711F2827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp10:*:*:*:*:*:*",
"matchCriteriaId": "63F43D7A-2BB8-475A-9F95-5AD83FC2F1E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp11:*:*:*:*:*:*",
"matchCriteriaId": "89FE6200-3F7A-43E6-B9DB-24D1B956A509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp12:*:*:*:*:*:*",
"matchCriteriaId": "8632DB2C-4814-43F9-8AA9-682FB000CDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp13:*:*:*:*:*:*",
"matchCriteriaId": "9D1B4834-85E5-4E41-9886-03BFD8424FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp14:*:*:*:*:*:*",
"matchCriteriaId": "54AE7933-034F-459B-8C02-2850D3153437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp15:*:*:*:*:*:*",
"matchCriteriaId": "643F4560-5049-466D-B4BA-18DDBBD2BEB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp16:*:*:*:*:*:*",
"matchCriteriaId": "3698F091-E08C-4B5C-9E85-1729A19A914F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp17:*:*:*:*:*:*",
"matchCriteriaId": "DA218FEA-1091-4098-8A4C-3557924A27EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp18:*:*:*:*:*:*",
"matchCriteriaId": "6993220C-C737-4876-8E52-1C0CB9F109A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp19:*:*:*:*:*:*",
"matchCriteriaId": "2AAFF1A2-750F-4C08-B544-0D6BC56D2048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "056BA0BC-CA53-4103-AA0A-692226602765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp20:*:*:*:*:*:*",
"matchCriteriaId": "68430D8F-B043-4179-860E-D4DADB7203E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:*",
"matchCriteriaId": "B9984364-3AFB-4E06-97B0-53B7D5657882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FC469C26-0D30-40CF-8A24-AC7940DD9D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2E6529C0-2017-413A-9FF8-D3D09475E867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp5:*:*:*:*:*:*",
"matchCriteriaId": "BF411C3F-AB57-4F4B-92C7-6F6C142F2F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp6:*:*:*:*:*:*",
"matchCriteriaId": "C6BC45D1-9BE9-44FC-A99A-FF99F7393274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp7:*:*:*:*:*:*",
"matchCriteriaId": "53D77364-F817-4BE8-BF25-1537180B06DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp8:*:*:*:*:*:*",
"matchCriteriaId": "680F331C-D4C7-4280-9981-9848BAE460C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp9:*:*:*:*:*:*",
"matchCriteriaId": "3C280072-A982-4A9F-A740-00838B72259B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
}
],
"id": "CVE-2025-3355",
"lastModified": "2025-11-07T01:58:25.360",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
},
"published": "2025-10-30T20:15:38.673",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7249694"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-3356
Vulnerability from fkie_nvd - Published: 2025-10-30 20:15 - Updated: 2025-11-07 02:10
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view, overwrite, or append to arbitrary files on the system.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7249694 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:-:*:*:*:*:*:*",
"matchCriteriaId": "15633ADC-6913-4AA1-8524-F139895B1C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F8F29F79-3813-4B6F-A0FE-3E12711F2827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp10:*:*:*:*:*:*",
"matchCriteriaId": "63F43D7A-2BB8-475A-9F95-5AD83FC2F1E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp11:*:*:*:*:*:*",
"matchCriteriaId": "89FE6200-3F7A-43E6-B9DB-24D1B956A509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp12:*:*:*:*:*:*",
"matchCriteriaId": "8632DB2C-4814-43F9-8AA9-682FB000CDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp13:*:*:*:*:*:*",
"matchCriteriaId": "9D1B4834-85E5-4E41-9886-03BFD8424FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp14:*:*:*:*:*:*",
"matchCriteriaId": "54AE7933-034F-459B-8C02-2850D3153437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp15:*:*:*:*:*:*",
"matchCriteriaId": "643F4560-5049-466D-B4BA-18DDBBD2BEB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp16:*:*:*:*:*:*",
"matchCriteriaId": "3698F091-E08C-4B5C-9E85-1729A19A914F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp17:*:*:*:*:*:*",
"matchCriteriaId": "DA218FEA-1091-4098-8A4C-3557924A27EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp18:*:*:*:*:*:*",
"matchCriteriaId": "6993220C-C737-4876-8E52-1C0CB9F109A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp19:*:*:*:*:*:*",
"matchCriteriaId": "2AAFF1A2-750F-4C08-B544-0D6BC56D2048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "056BA0BC-CA53-4103-AA0A-692226602765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp20:*:*:*:*:*:*",
"matchCriteriaId": "68430D8F-B043-4179-860E-D4DADB7203E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:*",
"matchCriteriaId": "B9984364-3AFB-4E06-97B0-53B7D5657882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FC469C26-0D30-40CF-8A24-AC7940DD9D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2E6529C0-2017-413A-9FF8-D3D09475E867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp5:*:*:*:*:*:*",
"matchCriteriaId": "BF411C3F-AB57-4F4B-92C7-6F6C142F2F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp6:*:*:*:*:*:*",
"matchCriteriaId": "C6BC45D1-9BE9-44FC-A99A-FF99F7393274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp7:*:*:*:*:*:*",
"matchCriteriaId": "53D77364-F817-4BE8-BF25-1537180B06DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp8:*:*:*:*:*:*",
"matchCriteriaId": "680F331C-D4C7-4280-9981-9848BAE460C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp9:*:*:*:*:*:*",
"matchCriteriaId": "3C280072-A982-4A9F-A740-00838B72259B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view, overwrite, or append to arbitrary files on the system."
}
],
"id": "CVE-2025-3356",
"lastModified": "2025-11-07T02:10:58.173",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-10-30T20:15:38.830",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7249694"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-3354
Vulnerability from fkie_nvd - Published: 2025-08-06 14:15 - Updated: 2025-08-13 18:22
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7241472 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:-:*:*:*:*:*:*",
"matchCriteriaId": "15633ADC-6913-4AA1-8524-F139895B1C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F8F29F79-3813-4B6F-A0FE-3E12711F2827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp10:*:*:*:*:*:*",
"matchCriteriaId": "63F43D7A-2BB8-475A-9F95-5AD83FC2F1E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp11:*:*:*:*:*:*",
"matchCriteriaId": "89FE6200-3F7A-43E6-B9DB-24D1B956A509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp12:*:*:*:*:*:*",
"matchCriteriaId": "8632DB2C-4814-43F9-8AA9-682FB000CDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp13:*:*:*:*:*:*",
"matchCriteriaId": "9D1B4834-85E5-4E41-9886-03BFD8424FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp14:*:*:*:*:*:*",
"matchCriteriaId": "54AE7933-034F-459B-8C02-2850D3153437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp15:*:*:*:*:*:*",
"matchCriteriaId": "643F4560-5049-466D-B4BA-18DDBBD2BEB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp16:*:*:*:*:*:*",
"matchCriteriaId": "3698F091-E08C-4B5C-9E85-1729A19A914F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp17:*:*:*:*:*:*",
"matchCriteriaId": "DA218FEA-1091-4098-8A4C-3557924A27EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp18:*:*:*:*:*:*",
"matchCriteriaId": "6993220C-C737-4876-8E52-1C0CB9F109A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp19:*:*:*:*:*:*",
"matchCriteriaId": "2AAFF1A2-750F-4C08-B544-0D6BC56D2048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "056BA0BC-CA53-4103-AA0A-692226602765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp20:*:*:*:*:*:*",
"matchCriteriaId": "68430D8F-B043-4179-860E-D4DADB7203E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FC469C26-0D30-40CF-8A24-AC7940DD9D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2E6529C0-2017-413A-9FF8-D3D09475E867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp5:*:*:*:*:*:*",
"matchCriteriaId": "BF411C3F-AB57-4F4B-92C7-6F6C142F2F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp6:*:*:*:*:*:*",
"matchCriteriaId": "C6BC45D1-9BE9-44FC-A99A-FF99F7393274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp7:*:*:*:*:*:*",
"matchCriteriaId": "53D77364-F817-4BE8-BF25-1537180B06DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp8:*:*:*:*:*:*",
"matchCriteriaId": "680F331C-D4C7-4280-9981-9848BAE460C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp9:*:*:*:*:*:*",
"matchCriteriaId": "3C280072-A982-4A9F-A740-00838B72259B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash."
},
{
"lang": "es",
"value": "IBM Tivoli Monitoring 6.3.0.7 a 6.3.0.7 Service Pack 20 es vulnerable a un desbordamiento de b\u00fafer basado en el mont\u00f3n, causado por una comprobaci\u00f3n incorrecta de los l\u00edmites. Un atacante remoto podr\u00eda desbordar un b\u00fafer y ejecutar c\u00f3digo arbitrario en el sistema o provocar un fallo del servidor."
}
],
"id": "CVE-2025-3354",
"lastModified": "2025-08-13T18:22:49.927",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-06T14:15:39.483",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7241472"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-3320
Vulnerability from fkie_nvd - Published: 2025-08-06 14:15 - Updated: 2025-08-13 18:23
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7241472 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:-:*:*:*:*:*:*",
"matchCriteriaId": "15633ADC-6913-4AA1-8524-F139895B1C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F8F29F79-3813-4B6F-A0FE-3E12711F2827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp10:*:*:*:*:*:*",
"matchCriteriaId": "63F43D7A-2BB8-475A-9F95-5AD83FC2F1E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp11:*:*:*:*:*:*",
"matchCriteriaId": "89FE6200-3F7A-43E6-B9DB-24D1B956A509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp12:*:*:*:*:*:*",
"matchCriteriaId": "8632DB2C-4814-43F9-8AA9-682FB000CDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp13:*:*:*:*:*:*",
"matchCriteriaId": "9D1B4834-85E5-4E41-9886-03BFD8424FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp14:*:*:*:*:*:*",
"matchCriteriaId": "54AE7933-034F-459B-8C02-2850D3153437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp15:*:*:*:*:*:*",
"matchCriteriaId": "643F4560-5049-466D-B4BA-18DDBBD2BEB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp16:*:*:*:*:*:*",
"matchCriteriaId": "3698F091-E08C-4B5C-9E85-1729A19A914F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp17:*:*:*:*:*:*",
"matchCriteriaId": "DA218FEA-1091-4098-8A4C-3557924A27EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp18:*:*:*:*:*:*",
"matchCriteriaId": "6993220C-C737-4876-8E52-1C0CB9F109A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp19:*:*:*:*:*:*",
"matchCriteriaId": "2AAFF1A2-750F-4C08-B544-0D6BC56D2048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "056BA0BC-CA53-4103-AA0A-692226602765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp20:*:*:*:*:*:*",
"matchCriteriaId": "68430D8F-B043-4179-860E-D4DADB7203E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "FC469C26-0D30-40CF-8A24-AC7940DD9D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2E6529C0-2017-413A-9FF8-D3D09475E867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp5:*:*:*:*:*:*",
"matchCriteriaId": "BF411C3F-AB57-4F4B-92C7-6F6C142F2F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp6:*:*:*:*:*:*",
"matchCriteriaId": "C6BC45D1-9BE9-44FC-A99A-FF99F7393274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp7:*:*:*:*:*:*",
"matchCriteriaId": "53D77364-F817-4BE8-BF25-1537180B06DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp8:*:*:*:*:*:*",
"matchCriteriaId": "680F331C-D4C7-4280-9981-9848BAE460C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp9:*:*:*:*:*:*",
"matchCriteriaId": "3C280072-A982-4A9F-A740-00838B72259B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash."
},
{
"lang": "es",
"value": "IBM Tivoli Monitoring 6.3.0.7 a 6.3.0.7 Service Pack 20 es vulnerable a un desbordamiento de b\u00fafer basado en el mont\u00f3n, causado por una comprobaci\u00f3n incorrecta de los l\u00edmites. Un atacante remoto podr\u00eda desbordar un b\u00fafer y ejecutar c\u00f3digo arbitrario en el sistema o provocar un fallo del servidor."
}
],
"id": "CVE-2025-3320",
"lastModified": "2025-08-13T18:23:14.230",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-06T14:15:39.287",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7241472"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-3357
Vulnerability from fkie_nvd - Published: 2025-05-28 15:15 - Updated: 2025-06-09 18:56
Severity ?
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7234923 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_monitoring | 6.3.0.7 | |
| ibm | tivoli_monitoring | 6.3.0.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:-:*:*:*:*:*:*",
"matchCriteriaId": "15633ADC-6913-4AA1-8524-F139895B1C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp19:*:*:*:*:*:*",
"matchCriteriaId": "2AAFF1A2-750F-4C08-B544-0D6BC56D2048",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19\u00a0could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array."
},
{
"lang": "es",
"value": "IBM Tivoli Monitoring 6.3.0.7 a 6.3.0.7 Service Pack 19 podr\u00eda permitir que un atacante remoto ejecute c\u00f3digo arbitrario debido a una validaci\u00f3n incorrecta de un valor de \u00edndice de una matriz asignada din\u00e1micamente."
}
],
"id": "CVE-2025-3357",
"lastModified": "2025-06-09T18:56:33.710",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2025-05-28T15:15:24.737",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7234923"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1285"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-129"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-4311
Vulnerability from fkie_nvd - Published: 2020-04-23 15:15 - Updated: 2024-11-21 05:32
Severity ?
Summary
IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/177083 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6198358 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/177083 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6198358 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_monitoring | 6.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBDE2E0B-6F98-4289-A3AF-EF4105782C7B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083."
},
{
"lang": "es",
"value": "IBM Tivoli Monitoring versi\u00f3n 6.3.0, podr\u00eda permitir a un atacante local ejecutar c\u00f3digo arbitrario en el sistema. Al colocar un archivo especialmente dise\u00f1ado, un atacante podr\u00eda explotar esta vulnerabilidad para cargar otros archivos DLL localizados en el mismo directorio y ejecutar c\u00f3digo arbitrario en el sistema. ID de IBM X-Force: 177083."
}
],
"id": "CVE-2020-4311",
"lastModified": "2024-11-21T05:32:34.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-23T15:15:14.780",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177083"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6198358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6198358"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-4592
Vulnerability from fkie_nvd - Published: 2020-02-13 16:15 - Updated: 2024-11-21 04:43
Severity ?
Summary
IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/167647 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/2278617 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/167647 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/2278617 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_monitoring | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69C402C5-DDA4-42FF-BF67-B714C53239C1",
"versionEndIncluding": "6.3.0.7.10",
"versionStartIncluding": "6.3.0.7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647."
},
{
"lang": "es",
"value": "IBM Tivoli Monitoring Service versiones 6.3.0.7.3 hasta 6.3.0.7.10, podr\u00eda permitir a un usuario no autorizado acceder y modificar los aspectos operativos del servidor de monitoreo ITM, conllevando posiblemente a una denegaci\u00f3n del servicio efectiva o la inhabilitaci\u00f3n del servidor de monitoreo. ID de IBM X-Force: 167647."
}
],
"id": "CVE-2019-4592",
"lastModified": "2024-11-21T04:43:46.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-13T16:15:12.087",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167647"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/2278617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/2278617"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1794
Vulnerability from fkie_nvd - Published: 2018-09-19 15:29 - Updated: 2024-11-21 03:22
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/137039 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=swg22014097 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/137039 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=swg22014097 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_monitoring | * | |
| ibm | tivoli_monitoring | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:*:*:*:*:*:*:*:*",
"matchCriteriaId": "161EFDEA-8E0B-444D-A5E0-B3DB65596813",
"versionEndIncluding": "6.2.3.5",
"versionStartIncluding": "6.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2623FD-FF70-4E0A-A808-56C8CB9BB05D",
"versionEndIncluding": "6.3.0.7",
"versionStartIncluding": "6.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039."
},
{
"lang": "es",
"value": "IBM Tivoli Monitoring desde la versi\u00f3n 6.2.3 hasta la 6.2.3.5 y desde la 6.3.0 hasta la 6.3.0.7 es vulnerable a un escalado de privilegios del usuario TEPS y una posible denegaci\u00f3n de servicio (DoS) debido a un crecimiento de memoria sin restricciones. IBM X-Force ID: 137039."
}
],
"id": "CVE-2017-1794",
"lastModified": "2024-11-21T03:22:22.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-19T15:29:01.233",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137039"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014097"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1789
Vulnerability from fkie_nvd - Published: 2018-03-22 12:29 - Updated: 2024-11-21 03:22
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22014096 | Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/137034 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22014096 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/137034 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_monitoring | 6.2.3 | |
| ibm | tivoli_monitoring | 6.2.3.1 | |
| ibm | tivoli_monitoring | 6.2.3.2 | |
| ibm | tivoli_monitoring | 6.2.3.3 | |
| ibm | tivoli_monitoring | 6.2.3.4 | |
| ibm | tivoli_monitoring | 6.2.3.5 | |
| ibm | tivoli_monitoring | 6.3.0 | |
| ibm | tivoli_monitoring | 6.3.0.1 | |
| ibm | tivoli_monitoring | 6.3.0.2 | |
| ibm | tivoli_monitoring | 6.3.0.3 | |
| ibm | tivoli_monitoring | 6.3.0.4 | |
| ibm | tivoli_monitoring | 6.3.0.5 | |
| ibm | tivoli_monitoring | 6.3.0.6 | |
| ibm | tivoli_monitoring | 6.3.0.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "88380637-715A-49CB-A9B6-0F8411225E9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94A90709-74AD-4C1B-806C-E7E335A3A773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E17308E6-B755-434F-8D2B-E5BBA37BA1F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C6368EC-1103-419B-8A11-14443501B435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1E58E2E4-ADA3-4189-BE8C-1943CDEA7791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1EEA0F-0501-4316-BD33-ECF44BDD9008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBDE2E0B-6F98-4289-A3AF-EF4105782C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A9F4C32-6077-475E-A285-F98A0336C53F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0355309B-CCBF-49EA-BE50-7B8E9B637473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C781C7-70D8-44EA-8847-54815053A092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1F409ECF-2033-49E0-9599-DD827CD4DB2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C84EAD-BA6A-45B8-A628-2E5003E87778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "00506901-696A-4EC1-B560-08BBDCBB41CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7484661E-4906-4027-B4B7-9AA952661923",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034."
},
{
"lang": "es",
"value": "IBM Tivoli Monitoring V6 6.2.3 y 6.3.0 podr\u00eda permitir que un usuario no autenticado ejecute c\u00f3digo de forma remota mediante m\u00e9todos sin especificar. IBM X-Force ID: 137034."
}
],
"id": "CVE-2017-1789",
"lastModified": "2024-11-21T03:22:22.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-22T12:29:00.503",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014096"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137034"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1635
Vulnerability from fkie_nvd - Published: 2017-12-13 18:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010554 | Issue Tracking, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/101905 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/133243 | Issue Tracking, VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22010554 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101905 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/133243 | Issue Tracking, VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_monitoring | 6.2.2 | |
| ibm | tivoli_monitoring | 6.2.2.2 | |
| ibm | tivoli_monitoring | 6.2.2.3 | |
| ibm | tivoli_monitoring | 6.2.2.4 | |
| ibm | tivoli_monitoring | 6.2.2.5 | |
| ibm | tivoli_monitoring | 6.2.2.6 | |
| ibm | tivoli_monitoring | 6.2.2.7 | |
| ibm | tivoli_monitoring | 6.2.2.8 | |
| ibm | tivoli_monitoring | 6.2.2.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15E20435-C3A0-4A57-B82A-595A48BB0991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7299B1C8-7BC2-4F42-B19E-4D0D2E599D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC98EF0-EDCA-47D8-A4CE-083E3AA0376C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6522CFEE-4368-4596-8DB9-18247AB19C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8E386E16-9F8F-4444-A190-EF964CA339F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AC24B012-A887-4A3F-A32C-80435C64BC10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B310DC-21E5-4A0D-A3D6-B0FD21C6C4F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "499FAEEF-0533-44FE-8249-AE40C6233E06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1E8B4310-F5D2-4448-89C1-E6D656351E7C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243."
},
{
"lang": "es",
"value": "IBM Tivoli Monitoring V6 6.2.2.x podr\u00eda permitir que un atacante remoto ejecute c\u00f3digo arbitrario en el sistema, provocado por un error de uso de memoria previamente liberada. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el sistema o provocar que la aplicaci\u00f3n se cierre inesperadamente. IBM X-Force ID: 133243."
}
],
"id": "CVE-2017-1635",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-13T18:29:00.363",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010554"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101905"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Issue Tracking",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133243"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-3356 (GCVE-0-2025-3356)
Vulnerability from cvelistv5 – Published: 2025-10-30 19:22 – Updated: 2025-10-30 19:41
VLAI?
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view, overwrite, or append to arbitrary files on the system.
Severity ?
8.6 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Tivoli Monitoring |
Affected:
6.3.0.7 , ≤ 6.3.0.7 Service Pack 21
(semver)
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:* |
Credits
Aleksandr Tlyapov
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T19:38:43.818984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:41:12.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.3.0.7 Service Pack 21",
"status": "affected",
"version": "6.3.0.7",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aleksandr Tlyapov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \u0026quot;dot dot\u0026quot; sequences (/../) to view, overwrite, or append to arbitrary files on the system.\u003c/p\u003e"
}
],
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view, overwrite, or append to arbitrary files on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:22:37.371Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7249694"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM strongly recommends addressing the vulnerability by following the steps provided in the following technote: Remediation of CVE-2025-3355 and CVE-2025-3356\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM strongly recommends addressing the vulnerability by following the steps provided in the following technote: Remediation of CVE-2025-3355 and CVE-2025-3356"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3356",
"datePublished": "2025-10-30T19:22:37.371Z",
"dateReserved": "2025-04-06T21:05:59.220Z",
"dateUpdated": "2025-10-30T19:41:12.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3355 (GCVE-0-2025-3355)
Vulnerability from cvelistv5 – Published: 2025-10-30 19:21 – Updated: 2025-10-30 19:51
VLAI?
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Tivoli Monitoring |
Affected:
6.3.0.7 , ≤ 6.3.0.7 Service Pack 21
(semver)
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:* |
Credits
Aleksandr Tlyapov
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T19:49:59.308067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:51:08.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.3.0.7 Service Pack 21",
"status": "affected",
"version": "6.3.0.7",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aleksandr Tlyapov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \u0026quot;dot dot\u0026quot; sequences (/../) to view arbitrary files on the system.\u003c/p\u003e"
}
],
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:21:42.496Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7249694"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM strongly recommends addressing the vulnerability by following the steps provided in the following technote: Remediation of CVE-2025-3355 and CVE-2025-3356\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM strongly recommends addressing the vulnerability by following the steps provided in the following technote: Remediation of CVE-2025-3355 and CVE-2025-3356"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3355",
"datePublished": "2025-10-30T19:21:42.496Z",
"dateReserved": "2025-04-06T21:02:26.939Z",
"dateUpdated": "2025-10-30T19:51:08.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3354 (GCVE-0-2025-3354)
Vulnerability from cvelistv5 – Published: 2025-08-06 13:50 – Updated: 2025-08-07 03:55
VLAI?
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
Severity ?
8.1 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Tivoli Monitoring |
Affected:
6.3.0.7 , ≤ 6.3.0.7 SP20
(semver)
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_20:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T03:55:21.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_20:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.3.0.7 SP20",
"status": "affected",
"version": "6.3.0.7",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash."
}
],
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T13:50:06.240Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7241472"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0021\u003cbr\u003e\u003cbr\u003e6.3.0.7-TIV-ITM-SP0021 6.3.0.7 IBM Tivoli Monitoring Service Pack 6.3.0.7-TIV-ITM-SP0021\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0021\n\n6.3.0.7-TIV-ITM-SP0021 6.3.0.7 IBM Tivoli Monitoring Service Pack 6.3.0.7-TIV-ITM-SP0021"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Monitoring code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3354",
"datePublished": "2025-08-06T13:50:06.240Z",
"dateReserved": "2025-04-06T20:57:16.315Z",
"dateUpdated": "2025-08-07T03:55:21.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3320 (GCVE-0-2025-3320)
Vulnerability from cvelistv5 – Published: 2025-08-06 13:49 – Updated: 2025-08-07 03:55
VLAI?
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
Severity ?
8.1 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Tivoli Monitoring |
Affected:
6.3.0.7 , ≤ 6.3.0.7 SP20
(semver)
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_20:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T03:55:20.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_20:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.3.0.7 SP20",
"status": "affected",
"version": "6.3.0.7",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash."
}
],
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T13:49:35.970Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7241472"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0021\u003cbr\u003e\u003cbr\u003e6.3.0.7-TIV-ITM-SP0021 6.3.0.7 IBM Tivoli Monitoring Service Pack 6.3.0.7-TIV-ITM-SP0021\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0021\n\n6.3.0.7-TIV-ITM-SP0021 6.3.0.7 IBM Tivoli Monitoring Service Pack 6.3.0.7-TIV-ITM-SP0021"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Monitoring code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3320",
"datePublished": "2025-08-06T13:49:35.970Z",
"dateReserved": "2025-04-05T13:35:40.648Z",
"dateUpdated": "2025-08-07T03:55:20.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3357 (GCVE-0-2025-3357)
Vulnerability from cvelistv5 – Published: 2025-05-28 14:51 – Updated: 2025-08-26 14:56
VLAI?
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array.
Severity ?
9.8 (Critical)
CWE
- CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Tivoli Monitoring |
Affected:
6.3.0.7 , ≤ 6.3.0.7 SP15
(semver)
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_15:*:*:*:*:*:* |
Credits
Aleksandr Tlyapov
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T03:55:49.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_15:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.3.0.7 SP15",
"status": "affected",
"version": "6.3.0.7",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aleksandr Tlyapov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19\u0026nbsp;could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array."
}
],
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19\u00a0could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1285",
"description": "CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T14:56:28.301Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7234923"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0020\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0020"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Monitoring code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3357",
"datePublished": "2025-05-28T14:51:29.649Z",
"dateReserved": "2025-04-06T21:14:20.726Z",
"dateUpdated": "2025-08-26T14:56:28.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4311 (GCVE-0-2020-4311)
Vulnerability from cvelistv5 – Published: 2020-04-23 13:10 – Updated: 2024-09-16 18:59
VLAI?
Summary
IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Tivoli Monitoring |
Affected:
6.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:06.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6198358"
},
{
"name": "ibm-tivoli-cve20204311-code-exec (177083)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177083"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.3.0"
}
]
}
],
"datePublic": "2020-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/S:U/UI:N/A:H/C:H/I:H/PR:N/AC:H/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T13:10:23",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6198358"
},
{
"name": "ibm-tivoli-cve20204311-code-exec (177083)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177083"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-22T00:00:00",
"ID": "CVE-2020-4311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring",
"version": {
"version_data": [
{
"version_value": "6.3.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6198358",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6198358 (Tivoli Monitoring)",
"url": "https://www.ibm.com/support/pages/node/6198358"
},
{
"name": "ibm-tivoli-cve20204311-code-exec (177083)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177083"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4311",
"datePublished": "2020-04-23T13:10:23.928628Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T18:59:33.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4592 (GCVE-0-2019-4592)
Vulnerability from cvelistv5 – Published: 2020-02-13 15:40 – Updated: 2024-09-17 01:01
VLAI?
Summary
IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647.
Severity ?
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Tivoli Monitoring |
Affected:
6.3.0.7.3
Affected: 6.3.0.7.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:47.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/2278617"
},
{
"name": "ibm-tivoli-cve20194592-dos (167647)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167647"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.3.0.7.3"
},
{
"status": "affected",
"version": "6.3.0.7.10"
}
]
}
],
"datePublic": "2020-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AV:N/C:N/S:U/AC:L/I:N/UI:N/PR:N/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-13T15:40:21",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/2278617"
},
{
"name": "ibm-tivoli-cve20194592-dos (167647)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167647"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-02-12T00:00:00",
"ID": "CVE-2019-4592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring",
"version": {
"version_data": [
{
"version_value": "6.3.0.7.3"
},
{
"version_value": "6.3.0.7.10"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/2278617",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 2278617 (Tivoli Monitoring)",
"url": "https://www.ibm.com/support/pages/node/2278617"
},
{
"name": "ibm-tivoli-cve20194592-dos (167647)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167647"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4592",
"datePublished": "2020-02-13T15:40:21.327502Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T01:01:14.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1794 (GCVE-0-2017-1794)
Vulnerability from cvelistv5 – Published: 2018-09-19 15:00 – Updated: 2024-09-16 20:57
VLAI?
Summary
IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Tivoli Monitoring |
Affected:
6.2.3
Affected: 6.2.3.1 Affected: 6.2.3.2 Affected: 6.3.0 Affected: 6.2.3.3 Affected: 6.2.3.4 Affected: 6.2.3.5 Affected: 6.3.0.1 Affected: 6.3.0.2 Affected: 6.3.0.3 Affected: 6.3.0.4 Affected: 6.3.0.5 Affected: 6.3.0.6 Affected: 6.3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-tivoli-cve20171794-priv-escalation(137039)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137039"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.2.3.1"
},
{
"status": "affected",
"version": "6.2.3.2"
},
{
"status": "affected",
"version": "6.3.0"
},
{
"status": "affected",
"version": "6.2.3.3"
},
{
"status": "affected",
"version": "6.2.3.4"
},
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.3.0.1"
},
{
"status": "affected",
"version": "6.3.0.2"
},
{
"status": "affected",
"version": "6.3.0.3"
},
{
"status": "affected",
"version": "6.3.0.4"
},
{
"status": "affected",
"version": "6.3.0.5"
},
{
"status": "affected",
"version": "6.3.0.6"
},
{
"status": "affected",
"version": "6.3.0.7"
}
]
}
],
"datePublic": "2018-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AC:H/AV:N/C:H/I:H/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-19T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-tivoli-cve20171794-priv-escalation(137039)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137039"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-17T00:00:00",
"ID": "CVE-2017-1794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring",
"version": {
"version_data": [
{
"version_value": "6.2.3"
},
{
"version_value": "6.2.3.1"
},
{
"version_value": "6.2.3.2"
},
{
"version_value": "6.3.0"
},
{
"version_value": "6.2.3.3"
},
{
"version_value": "6.2.3.4"
},
{
"version_value": "6.2.3.5"
},
{
"version_value": "6.3.0.1"
},
{
"version_value": "6.3.0.2"
},
{
"version_value": "6.3.0.3"
},
{
"version_value": "6.3.0.4"
},
{
"version_value": "6.3.0.5"
},
{
"version_value": "6.3.0.6"
},
{
"version_value": "6.3.0.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "N",
"C": "H",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tivoli-cve20171794-priv-escalation(137039)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137039"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg22014097",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1794",
"datePublished": "2018-09-19T15:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T20:57:57.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1789 (GCVE-0-2017-1789)
Vulnerability from cvelistv5 – Published: 2018-03-22 12:00 – Updated: 2024-09-16 22:35
VLAI?
Summary
IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034.
Severity ?
9.8 (Critical)
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Tivoli Monitoring V6 |
Affected:
6.2.3
Affected: 6.3.0 Affected: 6.2.3.1 Affected: 6.2.3.2 Affected: 6.2.3.3 Affected: 6.2.3.4 Affected: 6.2.3.5 Affected: 6.3.0.1 Affected: 6.3.0.2 Affected: 6.3.0.3 Affected: 6.3.0.4 Affected: 6.3.0.5 Affected: 6.3.0.6 Affected: 6.3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014096"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137034"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring V6",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.3.0"
},
{
"status": "affected",
"version": "6.2.3.1"
},
{
"status": "affected",
"version": "6.2.3.2"
},
{
"status": "affected",
"version": "6.2.3.3"
},
{
"status": "affected",
"version": "6.2.3.4"
},
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.3.0.1"
},
{
"status": "affected",
"version": "6.3.0.2"
},
{
"status": "affected",
"version": "6.3.0.3"
},
{
"status": "affected",
"version": "6.3.0.4"
},
{
"status": "affected",
"version": "6.3.0.5"
},
{
"status": "affected",
"version": "6.3.0.6"
},
{
"status": "affected",
"version": "6.3.0.7"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AC:L/AV:N/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T11:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014096"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137034"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-03-13T00:00:00",
"ID": "CVE-2017-1789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring V6",
"version": {
"version_data": [
{
"version_value": "6.2.3"
},
{
"version_value": "6.3.0"
},
{
"version_value": "6.2.3.1"
},
{
"version_value": "6.2.3.2"
},
{
"version_value": "6.2.3.3"
},
{
"version_value": "6.2.3.4"
},
{
"version_value": "6.2.3.5"
},
{
"version_value": "6.3.0.1"
},
{
"version_value": "6.3.0.2"
},
{
"version_value": "6.3.0.3"
},
{
"version_value": "6.3.0.4"
},
{
"version_value": "6.3.0.5"
},
{
"version_value": "6.3.0.6"
},
{
"version_value": "6.3.0.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22014096",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014096"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137034",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137034"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1789",
"datePublished": "2018-03-22T12:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T22:35:36.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1635 (GCVE-0-2017-1635)
Vulnerability from cvelistv5 – Published: 2017-12-13 18:00 – Updated: 2024-09-16 17:38
VLAI?
Summary
IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Tivoli Monitoring V6 |
Affected:
6.2.2
Affected: 6.2.2.2 Affected: 6.2.2.3 Affected: 6.2.2.4 Affected: 6.2.2.5 Affected: 6.2.2.6 Affected: 6.2.2.7 Affected: 6.2.2.8 Affected: 6.2.2.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010554"
},
{
"name": "101905",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring V6",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.2.2"
},
{
"status": "affected",
"version": "6.2.2.3"
},
{
"status": "affected",
"version": "6.2.2.4"
},
{
"status": "affected",
"version": "6.2.2.5"
},
{
"status": "affected",
"version": "6.2.2.6"
},
{
"status": "affected",
"version": "6.2.2.7"
},
{
"status": "affected",
"version": "6.2.2.8"
},
{
"status": "affected",
"version": "6.2.2.9"
}
]
}
],
"datePublic": "2017-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-14T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010554"
},
{
"name": "101905",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101905"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-11-17T00:00:00",
"ID": "CVE-2017-1635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring V6",
"version": {
"version_data": [
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.2.2"
},
{
"version_value": "6.2.2.3"
},
{
"version_value": "6.2.2.4"
},
{
"version_value": "6.2.2.5"
},
{
"version_value": "6.2.2.6"
},
{
"version_value": "6.2.2.7"
},
{
"version_value": "6.2.2.8"
},
{
"version_value": "6.2.2.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133243",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133243"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010554",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010554"
},
{
"name": "101905",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101905"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1635",
"datePublished": "2017-12-13T18:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T17:38:14.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3356 (GCVE-0-2025-3356)
Vulnerability from nvd – Published: 2025-10-30 19:22 – Updated: 2025-10-30 19:41
VLAI?
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view, overwrite, or append to arbitrary files on the system.
Severity ?
8.6 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Tivoli Monitoring |
Affected:
6.3.0.7 , ≤ 6.3.0.7 Service Pack 21
(semver)
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:* |
Credits
Aleksandr Tlyapov
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T19:38:43.818984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:41:12.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.3.0.7 Service Pack 21",
"status": "affected",
"version": "6.3.0.7",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aleksandr Tlyapov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \u0026quot;dot dot\u0026quot; sequences (/../) to view, overwrite, or append to arbitrary files on the system.\u003c/p\u003e"
}
],
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view, overwrite, or append to arbitrary files on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:22:37.371Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7249694"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM strongly recommends addressing the vulnerability by following the steps provided in the following technote: Remediation of CVE-2025-3355 and CVE-2025-3356\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM strongly recommends addressing the vulnerability by following the steps provided in the following technote: Remediation of CVE-2025-3355 and CVE-2025-3356"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3356",
"datePublished": "2025-10-30T19:22:37.371Z",
"dateReserved": "2025-04-06T21:05:59.220Z",
"dateUpdated": "2025-10-30T19:41:12.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3355 (GCVE-0-2025-3355)
Vulnerability from nvd – Published: 2025-10-30 19:21 – Updated: 2025-10-30 19:51
VLAI?
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Tivoli Monitoring |
Affected:
6.3.0.7 , ≤ 6.3.0.7 Service Pack 21
(semver)
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:* |
Credits
Aleksandr Tlyapov
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T19:49:59.308067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:51:08.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.3.0.7 Service Pack 21",
"status": "affected",
"version": "6.3.0.7",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aleksandr Tlyapov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \u0026quot;dot dot\u0026quot; sequences (/../) to view arbitrary files on the system.\u003c/p\u003e"
}
],
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:21:42.496Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7249694"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM strongly recommends addressing the vulnerability by following the steps provided in the following technote: Remediation of CVE-2025-3355 and CVE-2025-3356\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM strongly recommends addressing the vulnerability by following the steps provided in the following technote: Remediation of CVE-2025-3355 and CVE-2025-3356"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3355",
"datePublished": "2025-10-30T19:21:42.496Z",
"dateReserved": "2025-04-06T21:02:26.939Z",
"dateUpdated": "2025-10-30T19:51:08.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3354 (GCVE-0-2025-3354)
Vulnerability from nvd – Published: 2025-08-06 13:50 – Updated: 2025-08-07 03:55
VLAI?
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
Severity ?
8.1 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Tivoli Monitoring |
Affected:
6.3.0.7 , ≤ 6.3.0.7 SP20
(semver)
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_20:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T03:55:21.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_20:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.3.0.7 SP20",
"status": "affected",
"version": "6.3.0.7",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash."
}
],
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T13:50:06.240Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7241472"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0021\u003cbr\u003e\u003cbr\u003e6.3.0.7-TIV-ITM-SP0021 6.3.0.7 IBM Tivoli Monitoring Service Pack 6.3.0.7-TIV-ITM-SP0021\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0021\n\n6.3.0.7-TIV-ITM-SP0021 6.3.0.7 IBM Tivoli Monitoring Service Pack 6.3.0.7-TIV-ITM-SP0021"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Monitoring code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3354",
"datePublished": "2025-08-06T13:50:06.240Z",
"dateReserved": "2025-04-06T20:57:16.315Z",
"dateUpdated": "2025-08-07T03:55:21.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3320 (GCVE-0-2025-3320)
Vulnerability from nvd – Published: 2025-08-06 13:49 – Updated: 2025-08-07 03:55
VLAI?
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
Severity ?
8.1 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Tivoli Monitoring |
Affected:
6.3.0.7 , ≤ 6.3.0.7 SP20
(semver)
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_20:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T03:55:20.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_20:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.3.0.7 SP20",
"status": "affected",
"version": "6.3.0.7",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash."
}
],
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T13:49:35.970Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7241472"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0021\u003cbr\u003e\u003cbr\u003e6.3.0.7-TIV-ITM-SP0021 6.3.0.7 IBM Tivoli Monitoring Service Pack 6.3.0.7-TIV-ITM-SP0021\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0021\n\n6.3.0.7-TIV-ITM-SP0021 6.3.0.7 IBM Tivoli Monitoring Service Pack 6.3.0.7-TIV-ITM-SP0021"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Monitoring code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3320",
"datePublished": "2025-08-06T13:49:35.970Z",
"dateReserved": "2025-04-05T13:35:40.648Z",
"dateUpdated": "2025-08-07T03:55:20.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3357 (GCVE-0-2025-3357)
Vulnerability from nvd – Published: 2025-05-28 14:51 – Updated: 2025-08-26 14:56
VLAI?
Summary
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array.
Severity ?
9.8 (Critical)
CWE
- CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Tivoli Monitoring |
Affected:
6.3.0.7 , ≤ 6.3.0.7 SP15
(semver)
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_15:*:*:*:*:*:* |
Credits
Aleksandr Tlyapov
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T03:55:49.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_15:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.3.0.7 SP15",
"status": "affected",
"version": "6.3.0.7",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aleksandr Tlyapov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19\u0026nbsp;could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array."
}
],
"value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19\u00a0could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1285",
"description": "CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T14:56:28.301Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7234923"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0020\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0020"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Monitoring code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3357",
"datePublished": "2025-05-28T14:51:29.649Z",
"dateReserved": "2025-04-06T21:14:20.726Z",
"dateUpdated": "2025-08-26T14:56:28.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4311 (GCVE-0-2020-4311)
Vulnerability from nvd – Published: 2020-04-23 13:10 – Updated: 2024-09-16 18:59
VLAI?
Summary
IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Tivoli Monitoring |
Affected:
6.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:06.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6198358"
},
{
"name": "ibm-tivoli-cve20204311-code-exec (177083)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177083"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.3.0"
}
]
}
],
"datePublic": "2020-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/S:U/UI:N/A:H/C:H/I:H/PR:N/AC:H/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T13:10:23",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6198358"
},
{
"name": "ibm-tivoli-cve20204311-code-exec (177083)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177083"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-22T00:00:00",
"ID": "CVE-2020-4311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring",
"version": {
"version_data": [
{
"version_value": "6.3.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6198358",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6198358 (Tivoli Monitoring)",
"url": "https://www.ibm.com/support/pages/node/6198358"
},
{
"name": "ibm-tivoli-cve20204311-code-exec (177083)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177083"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4311",
"datePublished": "2020-04-23T13:10:23.928628Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T18:59:33.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4592 (GCVE-0-2019-4592)
Vulnerability from nvd – Published: 2020-02-13 15:40 – Updated: 2024-09-17 01:01
VLAI?
Summary
IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647.
Severity ?
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Tivoli Monitoring |
Affected:
6.3.0.7.3
Affected: 6.3.0.7.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:47.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/2278617"
},
{
"name": "ibm-tivoli-cve20194592-dos (167647)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167647"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.3.0.7.3"
},
{
"status": "affected",
"version": "6.3.0.7.10"
}
]
}
],
"datePublic": "2020-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AV:N/C:N/S:U/AC:L/I:N/UI:N/PR:N/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-13T15:40:21",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/2278617"
},
{
"name": "ibm-tivoli-cve20194592-dos (167647)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167647"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-02-12T00:00:00",
"ID": "CVE-2019-4592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring",
"version": {
"version_data": [
{
"version_value": "6.3.0.7.3"
},
{
"version_value": "6.3.0.7.10"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/2278617",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 2278617 (Tivoli Monitoring)",
"url": "https://www.ibm.com/support/pages/node/2278617"
},
{
"name": "ibm-tivoli-cve20194592-dos (167647)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167647"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4592",
"datePublished": "2020-02-13T15:40:21.327502Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T01:01:14.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1794 (GCVE-0-2017-1794)
Vulnerability from nvd – Published: 2018-09-19 15:00 – Updated: 2024-09-16 20:57
VLAI?
Summary
IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Tivoli Monitoring |
Affected:
6.2.3
Affected: 6.2.3.1 Affected: 6.2.3.2 Affected: 6.3.0 Affected: 6.2.3.3 Affected: 6.2.3.4 Affected: 6.2.3.5 Affected: 6.3.0.1 Affected: 6.3.0.2 Affected: 6.3.0.3 Affected: 6.3.0.4 Affected: 6.3.0.5 Affected: 6.3.0.6 Affected: 6.3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-tivoli-cve20171794-priv-escalation(137039)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137039"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.2.3.1"
},
{
"status": "affected",
"version": "6.2.3.2"
},
{
"status": "affected",
"version": "6.3.0"
},
{
"status": "affected",
"version": "6.2.3.3"
},
{
"status": "affected",
"version": "6.2.3.4"
},
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.3.0.1"
},
{
"status": "affected",
"version": "6.3.0.2"
},
{
"status": "affected",
"version": "6.3.0.3"
},
{
"status": "affected",
"version": "6.3.0.4"
},
{
"status": "affected",
"version": "6.3.0.5"
},
{
"status": "affected",
"version": "6.3.0.6"
},
{
"status": "affected",
"version": "6.3.0.7"
}
]
}
],
"datePublic": "2018-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AC:H/AV:N/C:H/I:H/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-19T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-tivoli-cve20171794-priv-escalation(137039)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137039"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-17T00:00:00",
"ID": "CVE-2017-1794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring",
"version": {
"version_data": [
{
"version_value": "6.2.3"
},
{
"version_value": "6.2.3.1"
},
{
"version_value": "6.2.3.2"
},
{
"version_value": "6.3.0"
},
{
"version_value": "6.2.3.3"
},
{
"version_value": "6.2.3.4"
},
{
"version_value": "6.2.3.5"
},
{
"version_value": "6.3.0.1"
},
{
"version_value": "6.3.0.2"
},
{
"version_value": "6.3.0.3"
},
{
"version_value": "6.3.0.4"
},
{
"version_value": "6.3.0.5"
},
{
"version_value": "6.3.0.6"
},
{
"version_value": "6.3.0.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "N",
"C": "H",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tivoli-cve20171794-priv-escalation(137039)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137039"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg22014097",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1794",
"datePublished": "2018-09-19T15:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T20:57:57.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1789 (GCVE-0-2017-1789)
Vulnerability from nvd – Published: 2018-03-22 12:00 – Updated: 2024-09-16 22:35
VLAI?
Summary
IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034.
Severity ?
9.8 (Critical)
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Tivoli Monitoring V6 |
Affected:
6.2.3
Affected: 6.3.0 Affected: 6.2.3.1 Affected: 6.2.3.2 Affected: 6.2.3.3 Affected: 6.2.3.4 Affected: 6.2.3.5 Affected: 6.3.0.1 Affected: 6.3.0.2 Affected: 6.3.0.3 Affected: 6.3.0.4 Affected: 6.3.0.5 Affected: 6.3.0.6 Affected: 6.3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014096"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137034"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring V6",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.3.0"
},
{
"status": "affected",
"version": "6.2.3.1"
},
{
"status": "affected",
"version": "6.2.3.2"
},
{
"status": "affected",
"version": "6.2.3.3"
},
{
"status": "affected",
"version": "6.2.3.4"
},
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.3.0.1"
},
{
"status": "affected",
"version": "6.3.0.2"
},
{
"status": "affected",
"version": "6.3.0.3"
},
{
"status": "affected",
"version": "6.3.0.4"
},
{
"status": "affected",
"version": "6.3.0.5"
},
{
"status": "affected",
"version": "6.3.0.6"
},
{
"status": "affected",
"version": "6.3.0.7"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AC:L/AV:N/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T11:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014096"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137034"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-03-13T00:00:00",
"ID": "CVE-2017-1789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring V6",
"version": {
"version_data": [
{
"version_value": "6.2.3"
},
{
"version_value": "6.3.0"
},
{
"version_value": "6.2.3.1"
},
{
"version_value": "6.2.3.2"
},
{
"version_value": "6.2.3.3"
},
{
"version_value": "6.2.3.4"
},
{
"version_value": "6.2.3.5"
},
{
"version_value": "6.3.0.1"
},
{
"version_value": "6.3.0.2"
},
{
"version_value": "6.3.0.3"
},
{
"version_value": "6.3.0.4"
},
{
"version_value": "6.3.0.5"
},
{
"version_value": "6.3.0.6"
},
{
"version_value": "6.3.0.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22014096",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014096"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137034",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137034"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1789",
"datePublished": "2018-03-22T12:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T22:35:36.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1635 (GCVE-0-2017-1635)
Vulnerability from nvd – Published: 2017-12-13 18:00 – Updated: 2024-09-16 17:38
VLAI?
Summary
IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Tivoli Monitoring V6 |
Affected:
6.2.2
Affected: 6.2.2.2 Affected: 6.2.2.3 Affected: 6.2.2.4 Affected: 6.2.2.5 Affected: 6.2.2.6 Affected: 6.2.2.7 Affected: 6.2.2.8 Affected: 6.2.2.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010554"
},
{
"name": "101905",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Monitoring V6",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.2.2"
},
{
"status": "affected",
"version": "6.2.2.3"
},
{
"status": "affected",
"version": "6.2.2.4"
},
{
"status": "affected",
"version": "6.2.2.5"
},
{
"status": "affected",
"version": "6.2.2.6"
},
{
"status": "affected",
"version": "6.2.2.7"
},
{
"status": "affected",
"version": "6.2.2.8"
},
{
"status": "affected",
"version": "6.2.2.9"
}
]
}
],
"datePublic": "2017-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-14T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010554"
},
{
"name": "101905",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101905"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-11-17T00:00:00",
"ID": "CVE-2017-1635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring V6",
"version": {
"version_data": [
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.2.2"
},
{
"version_value": "6.2.2.3"
},
{
"version_value": "6.2.2.4"
},
{
"version_value": "6.2.2.5"
},
{
"version_value": "6.2.2.6"
},
{
"version_value": "6.2.2.7"
},
{
"version_value": "6.2.2.8"
},
{
"version_value": "6.2.2.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133243",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133243"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010554",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010554"
},
{
"name": "101905",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101905"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1635",
"datePublished": "2017-12-13T18:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T17:38:14.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}