SQL Injection Vulnerability in IBM Tivoli Monitoring Portal
CVE-2017-1183

7.5HIGH

Key Information:

Vendor: IBM
Status: Tivoli Monitoring V6
Vendor: CVE Published:; 17 July 2017

Summary

The IBM Tivoli Monitoring Portal v6 has a vulnerability that allows local (network adjacent) attackers to manipulate SQL commands directed at the Portal Server through default HTTP communications. This flaw can expose sensitive data and lead to unauthorized actions within the monitoring environment if exploited.

Affected Version(s)

Tivoli Monitoring V6 6.2.3.5

Tivoli Monitoring V6 6.2.2.9

Tivoli Monitoring V6 6.3.0.7

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/123494

x_refsource_MISC

http://www.ibm.com/support/docview.wss?uid=swg22003402

x_refsource_CONFIRM

http://www.securityfocus.com/bid/99610

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 17, 2017
Vulnerability Reserved
Nov 30, 2016

.