CVE-2017-1182

7 documents6 sources

Severity

7.5HIGH

EPSS

2.6%

top 14.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Monitoring V6 IBM Tivoli Monitoring

Timeline

PublishedJul 17

Latest updateMay 13

Description

IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. IBM X-Force ID: 123493.

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/tivoli_monitoring6.2.2.9, 6.2.3.5, 6.3.0.7+2

▶CVEListV5ibm/tivoli_monitoring_v66.2.2.9, 6.2.3.5, 6.3.0.7+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-p2fv-2h5q-jvfw: IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-serve↗2022-05-13

▶

CVEList

CVE-2017-1182: IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-serve↗2017-07-14

▶

VulnCheck

IBM Tivoli Monitoring Portal v6 HTTP Arbitrary Command Execution Vulnerability↗2017

▶

💥Exploits & PoCs

Exploit-DB

LibTIFF - '_TIFFVGetField (tiffsplit)' Out-of-Bounds Read↗2017-07-06

▶

Exploit-DB

Microsoft Windows 7 Kernel - 'win32k!xxxClientLpkDrawTextEx' Stack Memory Disclosure↗2017-05-15

▶