SQL Injection Vulnerability in IBM Tivoli Monitoring Portal
CVE-2017-1183
7.5HIGH
Summary
The IBM Tivoli Monitoring Portal v6 has a vulnerability that allows local (network adjacent) attackers to manipulate SQL commands directed at the Portal Server through default HTTP communications. This flaw can expose sensitive data and lead to unauthorized actions within the monitoring environment if exploited.
Affected Version(s)
Tivoli Monitoring V6 6.2.3.5
Tivoli Monitoring V6 6.2.2.9
Tivoli Monitoring V6 6.3.0.7
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved