Remote Command Execution Vulnerability in IBM Tivoli Monitoring
CVE-2015-5003

8.5HIGH

Key Information:

Vendor
IBM
Status
Tivoli Monitoring
Vendor
CVE Published:
3 January 2016

Summary

The portal in IBM Tivoli Monitoring versions 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 is vulnerable to a remote command execution issue. This enables authenticated users to exploit the Take Action view authority by submitting specially crafted input, potentially executing arbitrary commands within the system. Organizations using affected versions should apply updates or patches to mitigate this risk.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV77742
vendor-advisoryx_refsource_AIXAPAR
http://www.securitytracker.com/id/1034924
vdb-entryx_refsource_SECTRACK
http://www-01.ibm.com/support/docview.wss?uid=swg21970361
x_refsource_CONFIRM

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.