HIGH🇬🇧 English

CVE-2025-3355

CVSS 7.5v3.1pub. 2025-10-30upd. 2025-11-07

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • IBM Tivoli Monitoring

    APP
    Ibm
    6.3.0.7
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2025-3357CRITICAL9.8PL ✓ten sam produkt

RCE w IBM Tivoli Monitoring — nieprawidłowa walidacja indeksu tablicy

CVE-2017-1789CRITICAL9.8ten sam produkt

IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through ...

CVE-2015-7411CRITICAL9.9ten sam produkt

The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 a...

CVE-2025-3356HIGH8.6ten sam produkt

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse direct...

CVE-2025-3354HIGH8.1ten sam produkt

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, c...