CVE-2015-0107

MEDIUM

IBM Maximo Asset Management 7.1-7.1.1.8, 7.5 < 7.5.0.7 IFIX003, 7.6 < 7.6.0.0 IFIX002 - Authenticated Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-0107. PoCs published by Jakub Palaczynski.

AI-analyzed exploit summary This exploit leverages a path traversal vulnerability in IBM Tivoli Service Automation Manager to upload a malicious JSP file, achieving remote code execution. The attacker injects a JSP payload via a SOAP request to create a web shell.

Description

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.

Exploits (1)

exploitdb WORKING POC
by Jakub Palaczynski · textwebappsjsp
https://www.exploit-db.com/exploits/36002

This exploit leverages a path traversal vulnerability in IBM Tivoli Service Automation Manager to upload a malicious JSP file, achieving remote code execution. The attacker injects a JSP payload via a SOAP request to create a web shell.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: IBM Tivoli Service Automation Manager up to 7.2.4
Auth required
Prerequisites: Valid session ID · Access to a valid report and appname · Ability to intercept and modify SOAP requests
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97998
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21694974

Scores

CVSS v3 6.5
EPSS 0.0596
EPSS Percentile 92.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (21)
ibm/change_and_configuration_management_database 7.1
ibm/change_and_configuration_management_database 7.2
ibm/maximo_asset_management 7.1
ibm/maximo_asset_management 7.1.1
ibm/maximo_asset_management 7.1.1.1
ibm/maximo_asset_management 7.1.1.2
ibm/maximo_asset_management 7.1.1.5
ibm/maximo_asset_management 7.1.1.6
ibm/maximo_asset_management 7.1.1.7
ibm/maximo_asset_management 7.1.1.8
... and 11 more
Published Apr 24, 2017
Tracked Since Feb 18, 2026