CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-1794
https://notcve.org/view.php?id=CVE-2017-1794
IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039. IBM Tivoli Monitoring desde la versión 6.2.3 hasta la 6.2.3.5 y desde la 6.3.0 hasta la 6.3.0.7 es vulnerable a un escalado de privilegios del usuario TEPS y una posible denegación de servicio (DoS) debido a un crecimiento de memoria sin restricciones. IBM X-Force ID: 137039. • https://exchange.xforce.ibmcloud.com/vulnerabilities/137039 https://www.ibm.com/support/docview.wss?uid=swg22014097 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2017-1789
https://notcve.org/view.php?id=CVE-2017-1789
IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034. IBM Tivoli Monitoring V6 6.2.3 y 6.3.0 podría permitir que un usuario no autenticado ejecute código de forma remota mediante métodos sin especificar. IBM X-Force ID: 137034. • http://www.ibm.com/support/docview.wss?uid=swg22014096 https://exchange.xforce.ibmcloud.com/vulnerabilities/137034 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-1182
https://notcve.org/view.php?id=CVE-2017-1182
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. IBM X-Force ID: 123493. IBM Tivoli Monitoring Portal v6 permite a un atacante local o de una red adyacente ejecutar comando aleatorios en el sistema, cuando las comunicaciones por defecto entre el cliente y el servidor HTTP están siendo usadas. IBM X-Force ID: 123494. • http://www.ibm.com/support/docview.wss?uid=swg22003402 http://www.securitytracker.com/id/1038913 https://exchange.xforce.ibmcloud.com/vulnerabilities/123493 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-1183
https://notcve.org/view.php?id=CVE-2017-1183
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494. IBM Tivoli Monitoring Portal v6 permite a un atacante local o de una red adyacente modificar comando SQL al Portal Server, cuando las comunicaciones por defecto entre el cliente y el servidor HTTP están siendo usadas. IBM X-Force ID: 123494. • http://www.ibm.com/support/docview.wss?uid=swg22003402 http://www.securityfocus.com/bid/99610 http://www.securitytracker.com/id/1038913 https://exchange.xforce.ibmcloud.com/vulnerabilities/123494 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2017-1181
https://notcve.org/view.php?id=CVE-2017-1181
IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487. IBM Tivoli Monitoring Portal V6 permite a un atacante local escalar privilegios para IBM Tivoli Monitoring, causando que la conexión por defecto de la consola no sea encriptada. IBM X-Force ID: 123487. • http://www.ibm.com/support/docview.wss?uid=swg22003402 http://www.securityfocus.com/bid/99596 http://www.securitytracker.com/id/1038913 https://exchange.xforce.ibmcloud.com/vulnerabilities/123487 • CWE-319: Cleartext Transmission of Sensitive Information •