Local Privilege Escalation in IBM Tivoli Monitoring Portal V6
CVE-2017-1181

7HIGH

Key Information:

Vendor
IBM
Status
Tivoli Monitoring V6
Vendor
CVE Published:
17 July 2017

Summary

The IBM Tivoli Monitoring Portal V6 client has a vulnerability that may allow a local attacker to gain elevated privileges due to the default console connection not being encrypted. This weakness can result in unauthorized actions within the IBM Tivoli Monitoring environment, posing a significant security risk for organizations. Proper measures should be taken to secure communications and mitigate potential exploitation of this vulnerability.

Affected Version(s)

Tivoli Monitoring V6 6.2.3.5

Tivoli Monitoring V6 6.2.2.9

Tivoli Monitoring V6 6.3.0.7

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/123487
x_refsource_MISC
http://www.ibm.com/support/docview.wss?uid=swg22003402
x_refsource_CONFIRM
http://www.securityfocus.com/bid/99596
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.