Summary
| Detail | |||
|---|---|---|---|
| Vendor | Ibm | First view | 2015-02-01 |
| Product | Tivoli Monitoring | Last view | 2020-02-13 |
| Version | 6.3.0.3 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:ibm:tivoli_monitoring | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2020-02-13 | CVE-2019-4592 | IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647. |
| 7.5 | 2018-09-19 | CVE-2017-1794 | IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039. |
| 9.8 | 2018-03-22 | CVE-2017-1789 | IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034. |
| 5.3 | 2017-06-27 | CVE-2016-6083 | IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696. |
| 4.6 | 2017-03-08 | CVE-2016-5933 | IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223. |
| 8.5 | 2015-02-01 | CVE-2014-6141 | IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 before FP04 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging Take Action view authority to modify in-progress commands. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 20% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 20% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 20% (1) | CWE-254 | Security Features |
| 20% (1) | CWE-200 | Information Exposure |
| 20% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-06-30 | Name: An application installed on the Windows host is affected by an information di... File: ibm_tms_config_soap_is_secure.nasl - Type: ACT_GATHER_INFO |
