CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5003
https://notcve.org/view.php?id=CVE-2015-5003
The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input. El portal en IBM Tivoli Monitoring (ITM) 6.2.2 hasta la versión FP9, 6.2.3 hasta la versión FP5 y 6.3.0 en versiones anteriores a FP7 permite a usuarios remotos autenticados ejecutar comandos arbitrarios aprovechando la autoridad de la vista Take Action y proveyendo una entrada manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV77742 http://www-01.ibm.com/support/docview.wss?uid=swg21970361 http://www.securitytracker.com/id/1034924 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.5EPSS: 0%CPEs: 33EXPL: 0CVE-2014-6141
https://notcve.org/view.php?id=CVE-2014-6141
IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 before FP04 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging Take Action view authority to modify in-progress commands. IBM Tivoli Monitoring (ITM) 6.2.0 hasta FP03, 6.2.1 hasta FP04, 6.2.2 hasta FP09, 6.2.3 hasta FP05, y 6.3.0 anterior a FP04 permite a usuarios remotos autenticados evadir las restricciones de acceso y ejecutar comandos arbitrarios mediante el aprovechamiento de la autoridad de visualización 'Take Action' para modificar los comandos en proceso. • http://www-01.ibm.com/support/docview.wss?uid=swg21690932 https://exchange.xforce.ibmcloud.com/vulnerabilities/96911 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 0CVE-2013-0548
https://notcve.org/view.php?id=CVE-2013-0548
Multiple cross-site scripting (XSS) vulnerabilities in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente IBM Tivoli Monitoring (ITM) v6.2.0 hasta FP3, v6.2.1 hasta FP4, v6.2.2 hasta FP9, y v6.2.3 anterior a FP3, como se utilizaba en IBM Application Manager para Smart Application Manager) v1.2.1 anterior a v1.2.1.0-TIV-IAMSB-FP0004 y otros productos, permite a atacantes remotos inyectar inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV27192 http://www-01.ibm.com/support/docview.wss?uid=swg1IV30187 http://www-01.ibm.com/support/docview.wss?uid=swg1IV40115 http://www-01.ibm.com/support/docview.wss?uid=swg1IV40116 http://www-01.ibm.com/support/docview.wss? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 4%CPEs: 23EXPL: 0CVE-2013-2960
https://notcve.org/view.php?id=CVE-2013-2960
Buffer overflow in KDSMAIN in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to cause a denial of service (segmentation fault) via a crafted http URL. Desbordamiento de búfer en KDSMAIN en el componente Basic Services en IBM Tivoli Monitoring (ITM) v6.2.0 hasta FP3, v6.2.1 hasta FP4, v6.2.2 hasta FP9, y v6.2.3 anterior a FP3, como se utilizaba en IBM Application Manager para Smart Business (Tivoli Foundations Application Manager) v1.2.1 anterior a v1.2.1.0-TIV-IAMSB-FP0004 y otros productos, permite a atacantes remotos causar una denegación de servicio mediante una URL especialmente diseñada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV27192 http://www-01.ibm.com/support/docview.wss?uid=swg1IV30187 http://www-01.ibm.com/support/docview.wss?uid=swg1IV40115 http://www-01.ibm.com/support/docview.wss?uid=swg1IV40116 http://www-01.ibm.com/support/docview.wss? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 2%CPEs: 23EXPL: 0CVE-2013-0551
https://notcve.org/view.php?id=CVE-2013-0551
The Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to cause a denial of service (abend) via a crafted URL. El componente Basic Services en IBM Tivoli Monitoring (ITM) v6.2.0 hasta FP3, v6.2.1 hasta FP4, v6.2.2 hasta FP9, y v6.2.3 hasta FP3, como se utilizaba en IBM Application Manager para Smart Business (Tivoli Foundations Application Manager) v1.2.1 anterior a v1.2.1.0-TIV-IAMSB-FP0004 y otros productos, permite a atacates remotos causar unad enegación de servicio mediante una URL especialmente diseñada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV27192 http://www-01.ibm.com/support/docview.wss?uid=swg1IV30187 http://www-01.ibm.com/support/docview.wss?uid=swg1IV40115 http://www-01.ibm.com/support/docview.wss?uid=swg1IV40116 http://www-01.ibm.com/support/docview.wss? • CWE-20: Improper Input Validation •