CVE-2015-5003

Published: Jan 3, 2016Modified: May 6, 2026

8.5

Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 6.0

Source: NVD

Description

The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input.

Affected (3)

Products: Ibm: Tivoli Monitoring

Ibm

1 product

Tivoli Monitoring

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Tivoli Monitoring	Version 6.2.2
Ibm Tivoli Monitoring	Version 6.2.3
Ibm Tivoli Monitoring	Version 6.3.0

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (6)

http://www-01.ibm.com/support/docview.wss?uid=swg1IV77742

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21970361

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securitytracker.com/id/1034924

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg1IV77742

Source: af854a3a-2127-422b-91ae-364da2661108

http://www-01.ibm.com/support/docview.wss?uid=swg21970361

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1034924

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.