CVE-2015-0107
MEDIUM
IBM Maximo Asset Management 7.1-7.1.1.8, 7.5 < 7.5.0.7 IFIX003, 7.6 < 7.6.0.0 IFIX002 - Authenticated Path Traversal
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2015-0107. PoCs published by Jakub Palaczynski.
AI-analyzed exploit summary
This exploit leverages a path traversal vulnerability in IBM Tivoli Service Automation Manager to upload a malicious JSP file, achieving remote code execution. The attacker injects a JSP payload via a SOAP request to create a web shell.
Description
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.
Scores
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N