This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : IBM
First view : 2015-02-01
Product : Tivoli Monitoring
Last view : 2020-04-23
Version : 6.3.0
Type : Application
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
 
CPE Product cpe:2.3:a:ibm:tivoli_monitoring

Activity : Overall

Related : CVE

Score Date Alert Description
7 2020-04-23 CVE-2020-4311

IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083.

7.5 2020-02-13 CVE-2019-4592

IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647.

7.5 2018-09-19 CVE-2017-1794

IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039.

9.8 2018-03-22 CVE-2017-1789

IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034.

5.3 2017-06-27 CVE-2016-6083

IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696.

4.6 2017-03-08 CVE-2016-5933

IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223.

7.8 2016-12-01 CVE-2016-2946

Stack-based buffer overflow in the ax Shared Libraries in the Agent in IBM Tivoli Monitoring (ITM) 6.2.2 before FP9, 6.2.3 before FP5, and 6.3.0 before FP2 on Linux and UNIX allows local users to gain privileges via unspecified vectors.

9.9 2016-03-11 CVE-2015-7411

The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors.

8.5 2016-01-03 CVE-2015-5003

The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input.

8.5 2015-02-01 CVE-2014-6141

IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 before FP04 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging Take Action view authority to modify in-progress commands.

CWE : Common Weakness Enumeration

% id Name
22% (2) CWE-264 Permissions, Privileges, and Access Controls
11% (1) CWE-732 Incorrect Permission Assignment for Critical Resource
11% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
11% (1) CWE-254 Security Features
11% (1) CWE-200 Information Exposure
11% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
11% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
11% (1) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...

Snort® IPS/IDS

Date Description
2017-02-17 Adobe Acrobat Reader APP13 heap overflow attempt
RuleID : 41330 - Type : FILE-PDF - Revision : 2
2017-02-17 Adobe Acrobat Reader APP13 heap overflow attempt
RuleID : 41329 - Type : FILE-PDF - Revision : 2

Nessus® Vulnerability Scanner

id Description
2017-06-30 Name: An application installed on the Windows host is affected by an information di...
File: ibm_tms_config_soap_is_secure.nasl - Type: ACT_GATHER_INFO