CVE-2015-0107
MEDIUMIBM Change And Configuration Management Database - Path Traversal
Title source: ruleDescription
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.
Exploits (1)
exploitdb
WORKING POC
by Jakub Palaczynski · textwebappsjsp
https://www.exploit-db.com/exploits/36002
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/97998
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21694974
Scores
CVSS v3
6.5
EPSS
0.0717
EPSS Percentile
91.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (21)
ibm/change_and_configuration_management_database
7.1
ibm/change_and_configuration_management_database
7.2
ibm/maximo_asset_management
7.1
ibm/maximo_asset_management
7.1.1
ibm/maximo_asset_management
7.1.1.1
ibm/maximo_asset_management
7.1.1.2
ibm/maximo_asset_management
7.1.1.5
ibm/maximo_asset_management
7.1.1.6
ibm/maximo_asset_management
7.1.1.7
ibm/maximo_asset_management
7.1.1.8
... and 11 more
Published
Apr 24, 2017
Tracked Since
Feb 18, 2026