CVE-2017-1183

CWE-89 — SQL Injection3 documents3 sources

Severity

7.5HIGH

EPSS

0.9%

top 24.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Monitoring V6 IBM Tivoli Monitoring

Timeline

PublishedJul 17

Latest updateMay 17

Description

IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494.

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/tivoli_monitoring6.2.2.9, 6.2.3.5, 6.3.0.7+2

▶CVEListV5ibm/tivoli_monitoring_v66.2.2.9, 6.2.3.5, 6.3.0.7+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-66vv-9pj3-6mfw: IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-serve↗2022-05-17

▶

CVEList

CVE-2017-1183: IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-serve↗2017-07-14

▶