CVE-2015-5003
https://notcve.org/view.php?id=CVE-2015-5003
The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input. El portal en IBM Tivoli Monitoring (ITM) 6.2.2 hasta la versión FP9, 6.2.3 hasta la versión FP5 y 6.3.0 en versiones anteriores a FP7 permite a usuarios remotos autenticados ejecutar comandos arbitrarios aprovechando la autoridad de la vista Take Action y proveyendo una entrada manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV77742 http://www-01.ibm.com/support/docview.wss?uid=swg21970361 http://www.securitytracker.com/id/1034924 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2014-6141
https://notcve.org/view.php?id=CVE-2014-6141
IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 before FP04 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging Take Action view authority to modify in-progress commands. IBM Tivoli Monitoring (ITM) 6.2.0 hasta FP03, 6.2.1 hasta FP04, 6.2.2 hasta FP09, 6.2.3 hasta FP05, y 6.3.0 anterior a FP04 permite a usuarios remotos autenticados evadir las restricciones de acceso y ejecutar comandos arbitrarios mediante el aprovechamiento de la autoridad de visualización 'Take Action' para modificar los comandos en proceso. • http://www-01.ibm.com/support/docview.wss?uid=swg21690932 https://exchange.xforce.ibmcloud.com/vulnerabilities/96911 • CWE-264: Permissions, Privileges, and Access Controls •