This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Ibm First view 2015-02-01
Product Tivoli Monitoring Last view 2020-02-13
Version 6.3.0.3 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:ibm:tivoli_monitoring

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2020-02-13 CVE-2019-4592

IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647.

7.5 2018-09-19 CVE-2017-1794

IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039.

9.8 2018-03-22 CVE-2017-1789

IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034.

5.3 2017-06-27 CVE-2016-6083

IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696.

4.6 2017-03-08 CVE-2016-5933

IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223.

8.5 2015-02-01 CVE-2014-6141

IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 before FP04 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging Take Action view authority to modify in-progress commands.

CWE : Common Weakness Enumeration

%idName
20% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
20% (1) CWE-264 Permissions, Privileges, and Access Controls
20% (1) CWE-254 Security Features
20% (1) CWE-200 Information Exposure
20% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

Nessus® Vulnerability Scanner

id Description
2017-06-30 Name: An application installed on the Windows host is affected by an information di...
File: ibm_tms_config_soap_is_secure.nasl - Type: ACT_GATHER_INFO