Access Control Flaw in IBM Tivoli Monitoring Service
CVE-2019-4592

7.5HIGH

Key Information:

Vendor: IBM
Status: Tivoli Monitoring
Vendor: CVE Published:; 13 February 2020

Summary

An access control weakness in IBM Tivoli Monitoring Service versions 6.3.0.7.3 to 6.3.0.7.10 may permit unauthorized users to change key operational parameters of the ITM monitoring server. This vulnerability could be exploited to disrupt monitoring services effectively, leading to substantial operational setbacks for organizations relying on this tool for IT management.

Affected Version(s)

Tivoli Monitoring 6.3.0.7.3

Tivoli Monitoring 6.3.0.7.10

References

https://www.ibm.com/support/pages/node/2278617

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/167647

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2020
Vulnerability Reserved
Jan 3, 2019