CVE-2025-3355
published 2025-10-30CVE-2025-3355: IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | tivoli_monitoring | — | — |
| ibm | tivoli_monitoring | 6.3.0.7 – 6.3.0.7 Service Pack 21 | — |
| msrc | cbl2_kernel_5.15.118.1-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_kernel_5.10.185.1-1_on_cbl_mariner_1.0 | — | — |