CRITICAL🇵🇱 Wersja polska

CVE-2025-3357

CVSS 9.8v3.1pub. 2025-05-28upd. 2025-06-09

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array.

🤖 AI Analysis
How it works

The vulnerability results from improper validation of dynamically allocated array index values (CWE-1285, CWE-129). An attacker can supply specially crafted input data that causes access to an incorrect array index. This leads to memory corruption or other undefined behavior, which can subsequently be exploited to execute arbitrary code (RCE) without authentication.

Impact

An attacker can remotely execute arbitrary code on the affected system, potentially resulting in complete server compromise, violation of confidentiality, integrity, and data availability.

Mitigation & patch

Apply patches available from the vendor according to the references — detailed information about available fixes can be found at: https://www.ibm.com/support/pages/node/7234923

Who is affected

IBM Tivoli Monitoring in versions 6.3.0.7 through 6.3.0.7 Service Pack 19 (inclusive).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • IBM Tivoli Monitoring

    APP
    Ibm
    6.3.0.7
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2017-1789CRITICAL9.8ten sam produkt

IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through ...

CVE-2015-7411CRITICAL9.9ten sam produkt

The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 a...

CVE-2025-3356HIGH8.6ten sam produkt

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse direct...

CVE-2025-3355HIGH7.5ten sam produkt

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse direct...

CVE-2025-3354HIGH8.1ten sam produkt

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, c...