CVE-2015-7411
critical
CVSS v3
9.9
CVSS v2
9.0
VIR risk
9.9
Description
The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors.
Predictions
Exploit likelihood
98%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21973559
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | tivoli_monitoring | 6.2.2 | |
| ibm | tivoli_monitoring | 6.2.2.1 | |
| ibm | tivoli_monitoring | 6.2.2.2 | |
| ibm | tivoli_monitoring | 6.2.2.3 | |
| ibm | tivoli_monitoring | 6.2.2.4 | |
| ibm | tivoli_monitoring | 6.2.2.5 | |
| ibm | tivoli_monitoring | 6.2.2.6 | |
| ibm | tivoli_monitoring | 6.2.2.7 | |
| ibm | tivoli_monitoring | 6.2.2.8 | |
| ibm | tivoli_monitoring | 6.2.2.9 | |
| ibm | tivoli_monitoring | 6.2.3 | |
| ibm | tivoli_monitoring | 6.3.0 | |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV77992
- http://www-01.ibm.com/support/docview.wss?uid=swg21973559
- http://www.securitytracker.com/id/1035240
CWEs
CWE-264