CVE-2016-8925
medium
CVSS v3
6.5
CVSS v2
6.8
VIR risk
6.5
Description
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg22001579&myns=swgtiv&mynp=OCSSPLFC&mync=E&cm_sp=swgtiv-_-OCSSPLFC-_-E
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | tivoli_application_dependency_discovery_manager | 7.2.2 | |
| ibm | tivoli_application_dependency_discovery_manager | 7.2.2.0 | |
| ibm | tivoli_application_dependency_discovery_manager | 7.2.2.1 | |
| ibm | tivoli_application_dependency_discovery_manager | 7.2.2.2 | |
| ibm | tivoli_application_dependency_discovery_manager | 7.2.2.3 | |
| ibm | tivoli_application_dependency_discovery_manager | 7.2.2.4 | |
| ibm | tivoli_application_dependency_discovery_manager | 7.2.2.5 | |
| ibm | tivoli_application_dependency_discovery_manager | 7.3.0 | |
| ibm | tivoli_application_dependency_discovery_manager | 7.3.0.0 | |
| ibm | tivoli_application_dependency_discovery_manager | 7.3.0.1 | |
| ibm | tivoli_application_dependency_discovery_manager | 7.3.0.2 | |
| ibm | tivoli_application_dependency_discovery_manager | 7.3.0.3 | |
References
- http://www.ibm.com/support/docview.wss?uid=swg22001579&myns=swgtiv&mynp=OCSSPLFC&mync=E&cm_sp=swgtiv-_-OCSSPLFC-_-E
- http://www.securityfocus.com/bid/97625
- http://www.ibm.com/support/docview.wss?uid=swg22001579&myns=swgtiv&mynp=OCSSPLFC&mync=E&cm_sp=swgtiv-_-OCSSPLFC-_-E
- http://www.securityfocus.com/bid/97625
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.