10 results (0.017 seconds)

CVSS: 8.5EPSS: 0%CPEs: 33EXPL: 0

IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 before FP04 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging Take Action view authority to modify in-progress commands. IBM Tivoli Monitoring (ITM) 6.2.0 hasta FP03, 6.2.1 hasta FP04, 6.2.2 hasta FP09, 6.2.3 hasta FP05, y 6.3.0 anterior a FP04 permite a usuarios remotos autenticados evadir las restricciones de acceso y ejecutar comandos arbitrarios mediante el aprovechamiento de la autoridad de visualización 'Take Action' para modificar los comandos en proceso. • http://www-01.ibm.com/support/docview.wss?uid=swg21690932 https://exchange.xforce.ibmcloud.com/vulnerabilities/96911 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 4%CPEs: 23EXPL: 0

Buffer overflow in KDSMAIN in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to cause a denial of service (segmentation fault) via a crafted http URL. Desbordamiento de búfer en KDSMAIN en el componente Basic Services en IBM Tivoli Monitoring (ITM) v6.2.0 hasta FP3, v6.2.1 hasta FP4, v6.2.2 hasta FP9, y v6.2.3 anterior a FP3, como se utilizaba en IBM Application Manager para Smart Business (Tivoli Foundations Application Manager) v1.2.1 anterior a v1.2.1.0-TIV-IAMSB-FP0004 y otros productos, permite a atacantes remotos causar una denegación de servicio mediante una URL especialmente diseñada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV27192 http://www-01.ibm.com/support/docview.wss?uid=swg1IV30187 http://www-01.ibm.com/support/docview.wss?uid=swg1IV40115 http://www-01.ibm.com/support/docview.wss?uid=swg1IV40116 http://www-01.ibm.com/support/docview.wss? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente IBM Tivoli Monitoring (ITM) v6.2.0 hasta FP3, v6.2.1 hasta FP4, v6.2.2 hasta FP9, y v6.2.3 anterior a FP3, como se utilizaba en IBM Application Manager para Smart Application Manager) v1.2.1 anterior a v1.2.1.0-TIV-IAMSB-FP0004 y otros productos, permite a atacantes remotos inyectar inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV27192 http://www-01.ibm.com/support/docview.wss?uid=swg1IV30187 http://www-01.ibm.com/support/docview.wss?uid=swg1IV40115 http://www-01.ibm.com/support/docview.wss?uid=swg1IV40116 http://www-01.ibm.com/support/docview.wss? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 2%CPEs: 23EXPL: 0

The Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to cause a denial of service (abend) via a crafted URL. El componente Basic Services en IBM Tivoli Monitoring (ITM) v6.2.0 hasta FP3, v6.2.1 hasta FP4, v6.2.2 hasta FP9, y v6.2.3 hasta FP3, como se utilizaba en IBM Application Manager para Smart Business (Tivoli Foundations Application Manager) v1.2.1 anterior a v1.2.1.0-TIV-IAMSB-FP0004 y otros productos, permite a atacates remotos causar unad enegación de servicio mediante una URL especialmente diseñada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV27192 http://www-01.ibm.com/support/docview.wss?uid=swg1IV30187 http://www-01.ibm.com/support/docview.wss?uid=swg1IV40115 http://www-01.ibm.com/support/docview.wss?uid=swg1IV40116 http://www-01.ibm.com/support/docview.wss? • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 0

The internal web server in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to perform unspecified redirection of HTTP requests, and bypass the proxy-server configuration, via crafted HTTP traffic. El servidor web interno en el componente Basic Services en IBM Tivoli Monitoring (ITM) v6.2.0 hasta FP3, v6.2.1 hasta FP4, v6.2.2 hasta FP9, y v6.2.3 anterior a FP3, como se utilizaba en IBM Application Manager para Smart Business (Tivoli Foundations Application Manager) v1.2.1 anterior a v1.2.1.0-TIV-IAMSB-FP0004 y otros productos, permite a atacantes remotos llevar a cabo redirecciones HTTP no especificadas, y eludir la configuración proxy-server, mediante tráfico HTTP especialmente diseñado. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV27192 http://www-01.ibm.com/support/docview.wss?uid=swg1IV30187 http://www-01.ibm.com/support/docview.wss?uid=swg1IV40115 http://www-01.ibm.com/support/docview.wss?uid=swg1IV40116 http://www-01.ibm.com/support/docview.wss? • CWE-20: Improper Input Validation •