Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-0107

CWE-22: Path Traversal
4 documents, 4 sources
Severity: 6.5 MEDIUM
EPSS: 7.2% (top 8.43%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Apr 24
Latest update: May 17

Description

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 6 packages

🔴 Vulnerability Details (2)

GHSA
GHSA-p33x-cg95-phvw: IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7 (2022-05-17)
CVEList
CVE-2015-0107: IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7 (2017-04-24)

💥 Exploits & PoCs (1)

Exploit-DB
IBM Tivoli Service Automation Manager 7.2.4 - Remote Code Execution (2014-12-12)