CVE-2017-1181

CWE-319 — Cleartext Transmission4 documents4 sources

Severity

7.0HIGH

EPSS

0.0%

top 90.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Monitoring V6 IBM Tivoli Monitoring

Timeline

PublishedJul 17

Latest updateMay 13

Description

IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/tivoli_monitoring6.2.2.9, 6.2.3.5, 6.3.0.7+2

▶CVEListV5ibm/tivoli_monitoring_v66.2.2.9, 6.2.3.5, 6.3.0.7+2

🔴Vulnerability Details

GHSA

GHSA-9jg8-998r-3fxr: IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default conso↗2022-05-13

▶

CVEList

CVE-2017-1181: IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default conso↗2017-07-14

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - 'win32k!NtGdiGetRealizationInfo' Kernel Stack Memory Disclosure↗2017-06-22

▶