CVE-2015-0107

MEDIUM

IBM Change And Configuration Management Database - Path Traversal

Title source: rule

Description

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.

Exploits (1)

exploitdb WORKING POC

by Jakub Palaczynski · textwebappsjsp

https://www.exploit-db.com/exploits/36002

View Code ZIP pw:eip

References (2)

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21694974

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97998

Scores

CVSS v3 6.5

EPSS 0.0717

EPSS Percentile 91.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-22

Status published

Affected Products (22)

ibm/change_and_configuration_management_database

ibm/maximo_asset_management

ibm/maximo_asset_management_essentials

ibm/maximo_for_government

ibm/maximo_for_life_sciences

ibm/maximo_for_nuclear_power

ibm/maximo_for_oil_and_gas

... and 7 more

Timeline

Published Apr 24, 2017

Tracked Since Feb 18, 2026