Remote Command Execution Vulnerability in IBM Tivoli Monitoring
CVE-2015-5003

8.5HIGH

Key Information:

Vendor
IBM
Vendor
CVE Published:
3 January 2016

Summary

The portal in IBM Tivoli Monitoring versions 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 is vulnerable to a remote command execution issue. This enables authenticated users to exploit the Take Action view authority by submitting specially crafted input, potentially executing arbitrary commands within the system. Organizations using affected versions should apply updates or patches to mitigate this risk.

References

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.